CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!
Microsoft has issued an urgent security advisory for on-premises SharePoint Server customers in response to active exploitation of a critical remote code execution (RCE) vulnerability. The issue—now t ...
-
TheCyberThrone
VMware Fixes Vulnerabilities Exploited at Pwn2Own Berlin
Following successful live exploit demonstrations at the Pwn2Own Berlin 2025 security competition held in May, VMware has patched four zero-day vulnerabilities affecting several of its virtualization p ...
-
CybersecurityNews
New CrushFTP 0-Day Vulnerability Exploited in the Wild to Gain Access to Servers
A critical zero-day flaw in the CrushFTP managed file-transfer platform was confirmed after vendor and threat-intelligence sources confirmed active exploitation beginning on 18 July 2025 at 09:00 CST. ...
-
CybersecurityNews
CISA Warns of Fortinet FortiWeb SQL Injection Vulnerability Exploited in Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Fortinet FortiWeb vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitati ...
-
Daily CyberSecurity
Major npm Supply Chain Attack: Phishing Campaign Steals Maintainer Credentials, Injects Malware into Popular Packages
Image: Socket A deceptive and highly targeted phishing campaign has successfully compromised several popular npm packages, including eslint-config-prettier, eslint-plugin-prettier, and synckit, after ...
-
Daily CyberSecurity
FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!
A critical SQL injection vulnerability in Fortinet FortiWeb, tracked as CVE-2025-25257, has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog following confirmation of active exploi ...
-
Daily CyberSecurity
CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability
CrushFTP, a widely used secure file transfer server, has issued an urgent advisory regarding a critical zero-day vulnerability, tracked as CVE-2025-54309 (CVSS 9.0), that has been actively exploited i ...
-
Daily CyberSecurity
CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Publishes
NetSPI has uncovered a critical vulnerability in Forescout SecureConnector, a security agent meant to enforce endpoint compliance. This same tool—designed for system hardening—could be abused by attac ...
-
Daily CyberSecurity
Nvidia Flaws Expose Jetson AI & Robotics Platforms to RCE and Data Theft
Nvidia has released a security update for its Jetson Linux and IGX platforms, addressing two vulnerabilities that could expose systems to code execution, data tampering, denial of service, and informa ...
-
BleepingComputer
CrushFTP zero-day exploited in attacks to gain admin access on servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnera ...