CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Water Gamayun Weaponizes “MSC EvilTwin” Zero-Day for Stealthy Backdoor Attacks
A sophisticated new cyber espionage campaign has been uncovered by Zscaler Threat Hunting, revealing how a Russia-aligned Advanced Persistent Threat (APT) group known as Water Gamayun is weaponizing a ...
-
Daily CyberSecurity
Hidden Danger in 3D: Malicious Blender Files Unleash StealC V2 Infostealer
Morphisec has issued a critical alert regarding a sophisticated malware campaign targeting 3D artists, game developers, and hobbyists. For at least six months, threat actors have been weaponizing 3D m ...
-
Daily CyberSecurity
Zero-Day Warning: Unpatched Twonky Server Flaws Expose Media to Total Takeover
A critical security warning has been issued for users of Twonky Server, the popular media server software found on countless NAS devices and routers. In a concerning development, researchers at Rapid7 ...
-
Daily CyberSecurity
Angular Alert: Protocol-Relative URLs Leak XSRF Tokens (CVE-2025-66035)
The Angular team has issued a high-severity security advisory regarding a logic flaw in the framework’s HTTP Client that could render applications vulnerable to Cross-Site Request Forgery (CSRF) attac ...
-
Daily CyberSecurity
GitLab Patch: Fixes CI/CD Credential Theft & Unauthenticated DoS Attacks
GitLab has released an important security update today affecting both its Community Edition (CE) and Enterprise Edition (EE). The release addresses multiple high-severity vulnerabilities, ranging from ...
-
BleepingComputer
New ShadowV2 botnet malware used AWS outage as a test opportunity
A new Mirai-based botnet malware named ‘ShadowV2’ has been observed targeting IoT devices from D-Link, TP-Link, and other vendors with exploits for known vulnerabilities. Fortinet’s FortiGuard Labs re ...
-
Kaspersky
Microsoft Exchange on-premises hardening recommendations
Few cybersecurity experts would dispute that attacks on Microsoft Exchange servers should be viewed as inevitable, and the risk of compromise remains consistently high. In October, Microsoft ended sup ...
-
BleepingComputer
Popular Forge library gets fix for signature verification bypass flaw
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could be exploited to bypass signature verifications by crafting data that appears valid. The flaw is tracked as ...
-
The Register
Botnet takes advantage of AWS outage to smack 28 countries
A Mirai-based botnet named ShadowV2 emerged during last October's widespread AWS outage, infecting IoT devices across industries and continents, likely serving as a "test run" for future attacks, acco ...
-
CybersecurityNews
Water Gamayun APT Hackers Exploit MSC EvilTwin Vulnerability to Inject Malicious Code
Water Gamayun, a persistent threat group, has recently intensified its efforts by exploiting a newly identified MSC EvilTwin vulnerability (CVE-2025-26633) in Windows systems. This malware campaign is ...