CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Hackers Exploiting GeoServer RCE Vulnerability to Deploy CoinMiner
A critical remote code execution vulnerability in GeoServer has become a prime target for cybercriminals deploying cryptocurrency mining malware across global networks. The vulnerability, designated C ...
-
Help Net Security
Ruckus network management solutions riddled with unpatched vulnerabilities
Claroty researcher Noam Moshe has discovered serious vulnerabilities in two Ruckus Networks (formerly Ruckus Wireless) products that may allow attackers to compromise the environments managed by the a ...
-
CybersecurityNews
Critical mcp-remote Vulnerability Exposes LLM Clients to Remote Code Execution Attacks
A critical vulnerability CVE-2025-6514 with a CVSS score of 9.6 affecting the mcp-remote project allows attackers to achieve arbitrary operating system command execution on machines running mcp-remote ...
-
CybersecurityNews
New PerfektBlue Attack Exposes Millions of Cars to Remote Hacking
A new and critical security threat, PerfektBlue, has emerged, targeting OpenSynergy’s BlueSDK Bluetooth framework and posing an unprecedented risk to the automotive industry. This sophisticated attack ...
-
CybersecurityNews
New Opossum Attack Allows Hackers to Compromise Secure TLS Channels with Malicious Messages
The new Opossum attack is a sophisticated cross-protocol application layer desynchronization vulnerability that compromises TLS-based communications. This attack exploits fundamental differences betwe ...
-
The Hacker News
AMD Warns of New Transient Scheduler Attacks Impacting a Wide Range of CPUs
Jul 10, 2025Ravie LakshmananVulnerability / Hardware Security Semiconductor company AMD is warning of a new set of vulnerabilities affecting a broad range of chipsets that could lead to information ...
-
Daily CyberSecurity
SureForms WordPress Plugin Flaw (CVE-2025-6691): Unauthenticated Arbitrary File Deletion Leads to Site Takeover, 200K Sites at Risks
A critical vulnerability in the SureForms WordPress plugin—which has over 200,000 active installations—has exposed websites to a serious threat of arbitrary file deletion, including the potential remo ...
-
Daily CyberSecurity
GitLab Releases Security Updates: XSS and Authorization Bypass Flaws Patched
GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE), addressing multiple vulnerabilities that could allow attackers to perform cross-site scripting (XSS) at ...
-
The Hacker News
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 ( ...
-
huntress.com
Wing FTP Server Remote Code Execution (CVE-2025-47812) Exploited in the Wild
Summary TL;DR: Huntress saw active exploitation of Wing FTP Server remote code execution (CVE-2025-47812) on a customer on July 1, 2025. Organizations running Wing FTP Server should update to the fixe ...