CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
seclists.org
KL-001-2025-013: Xorux XorMon-NG Web Application Privilege Escalation to Administrator
Full Disclosure mailing list archives From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Mon, 28 Jul 2025 18:39:36 -0500 KL-001-2025-013: Xorux XorMon-NG Web Applica ...
-
seclists.org
KL-001-2025-012: Xorux XorMon-NG Read Only User Export Device Configuration Exposing Sensitive Information
Full Disclosure mailing list archives From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Mon, 28 Jul 2025 18:38:51 -0500 KL-001-2025-012: Xorux XorMon-NG Read Only U ...
-
The Register
Microsoft spotlights Apple bug patched in March as SharePoint exploits continue
Amidst its own failure to fix a couple of bugs now under mass exploitation and being abused for espionage, data theft, and ransomware infections, Microsoft said Monday that it spotted a macOS vulnerab ...
-
BleepingComputer
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached ...
-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers
A newly disclosed macOS vulnerability is allowing attackers to bypass Apple’s privacy controls and access sensitive user data, including files cached by Apple Intelligence. Tracked as CVE-2025-31199, ...
-
BleepingComputer
Exploit available for critical Cisco ISE bug exploited in attacks
Security researcher Bobby Gould has published a blog post demonstrating a complete exploit chain for CVE-2025-20281, an unauthenticated remote code execution vulnerability in Cisco Identity Services E ...
-
BleepingComputer
CISA flags PaperCut RCE bug as exploited in attacks, patch now
CISA warns that threat actors are exploiting a high-severity vulnerability in PaperCut NG/MF print management software, which can allow them to gain remote code execution in cross-site request forgery ...
-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts
If you’re running a WordPress site and rely on the Post SMTP plugin for email delivery, there’s something important you should know. A critical vulnerability is affecting versions 3.2.0 and earlier al ...
-
CybersecurityNews
UNC3886 Hackers Exploiting 0-Days in VMware vCenter/ESXi, Fortinet FortiOS, and Junos OS
Singapore’s critical infrastructure is under siege from UNC3886, a sophisticated China-linked advanced persistent threat (APT) group. As of July 2025, the group has been actively targeting essential s ...
-
security.nl
Duizenden WordPress-sites kwetsbaar door kritiek RCE-lek in plug-in
Duizenden WordPress-sites maken gebruik van een plug-in met een kritieke kwetsbaarheid die remote code execution (RCE) door een ongeauthenticeerde aanvaller mogelijk maakt. Een beveiligingsupdate is b ...