CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical IBM Maximo Flaw (CVE-2025-36386, CVSS 9.8) Allows Unauthenticated Bypass to Cognos Analytics
IBM has issued a critical security advisory warning customers of a high-severity vulnerability (CVE-2025-36386, CVSS 9.8) in IBM Maximo Manage, a core component of the IBM Maximo Application Suite (MA ... Read more
-
seclists.org
SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055
Full Disclosure mailing list archives SEC Consult SA-20251027-0 :: Unauthenticated Local File Disclosure in MPDV Mikrolab MIP 2 / FEDRA 2 / HYDRA X Manufacturing Execution System #CVE-2025-12055 From: ... Read more
-
seclists.org
Re: [FD] : "Glass Cage" – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Full Disclosure mailing list archives From: "Noor Christensen" <kchr+fd () fripost org> Date: Sun, 26 Oct 2025 16:35:45 +0100 On Thu Oct 2, 2025 at 11:45 PM CEST, josephgoyd via Fulldisclosure wrote: ... Read more
-
Daily CyberSecurity
Docker Compose Path Traversal (CVE-2025-62725) Allows Arbitrary File Overwrite via OCI Artifacts
The Docker Compose project has disclosed a high-severity path traversal vulnerability tracked as CVE-2025-62725 (CVSS v4 8.9), which affects users across Docker Desktop, standalone Compose binaries, C ... Read more
-
Daily CyberSecurity
Wear OS Messages Flaw (CVE-2025-12080) Allows Unprivileged Apps to Send SMS/RCS Without Permission, PoC Available
Security researcher Gabriele Digregorio has disclosed a newly identified vulnerability in Google Messages for Wear OS, designated CVE-2025-12080 (CVSS v4 6.9), that allows any installed app to send SM ... Read more
-
Daily CyberSecurity
Critical Magento Flaw (CVE-2025-54236) Actively Exploited for Session Hijacking and Unauthenticated RCE
The Akamai Security Intelligence Group has issued an urgent warning after observing active exploitation in the wild of a newly disclosed Magento vulnerability known as SessionReaper (CVE-2025-54236). ... Read more
-
Daily CyberSecurity
Critical MikroTik Flaw (CVE-2025-61481, CVSS 10.0) Exposes Router Admin Credentials Over Unencrypted HTTP WebFig
A newly disclosed vulnerability, CVE-2025-61481, rated a maximum CVSS score of 10.0, affects MikroTik RouterOS (v7.14.2) and SwitchOS (v2.18) and allows remote attackers to execute arbitrary code or i ... Read more
-
The Register
Firewalls and VPNs are so complex now, they can actually make you less secure
Organizations using Cisco and Citrix VPN devices were nearly seven times as likely to suffer a ransomware infection over a 15-month period, according to At-Bay, a provider of cyber insurance and a ven ... Read more
-
The Cyber Express
CISA Warns that DELMIA Apriso Vulnerabilities Are Under Attack
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two DELMIA Apriso vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Today’s addition of CVE-2025-6204 and ... Read more
-
BleepingComputer
CISA warns of two more actively exploited Dassault vulnerabilities
The Cybersecurity & Infrastructure Security Agency (CISA) warned today that attackers are actively exploiting two vulnerabilities in Dassault Systèmes' DELMIA Apriso, a manufacturing operations manage ... Read more