CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
BleepingComputer
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. Cisco Unified ...
-
BleepingComputer
Citrix warns of login issues after NetScaler auth bypass patch
Citrix warns that patching recently disclosed vulnerabilities that can be exploited to bypass authentication and launch denial-of-service attacks may also break login pages on NetScaler ADC and Gatewa ...
-
Cyber Security News
Critical ModSecurity WAF Vulnerability Allows Denial of Service via Empty XML Tags
A newly discovered denial-of-service vulnerability in the ModSecurity Web Application Firewall (WAF) engine has security experts on high alert. The flaw, designated CVE-2025-52891, affects specific ve ...
-
BleepingComputer
Forminator plugin flaw exposes WordPress sites to takeover attacks
The Forminator plugin for WordPress is vulnerable to an unauthenticated arbitrary file deletion flaw that could enable full site takeover attacks. The security issue is tracked as CVE-2025-6463 and ha ...
-
Cyber Security News
CISA Warns of TeleMessage TM SGNL Vulnerabilities Exploited in Attacks
CISA has issued an urgent warning regarding two critical vulnerabilities in TeleMessage TM SGNL that threat actors are currently exploiting in active attack campaigns. The vulnerabilities, tracked as ...
-
security.nl
Franse overheid beschrijft aanvallen op organisaties via Ivanti-lekken
Franse organisaties, waaronder overheidsinstanties, defensiebedrijven en telecombedrijven, zijn eind vorig jaar aangevallen via kwetsbaarheden in Ivanti Cloud Service Appliance (CSA). Op het moment va ...
-
Cyber Security News
Chinese Houken Hackers Exploiting Ivanti CSA Zero-Days to Deploy Linux Rootkits
A sophisticated Chinese threat group identified as Houken has been exploiting multiple zero-day vulnerabilities in Ivanti Cloud Service Appliance (CSA) devices to deploy advanced Linux rootkits and es ...
-
Cyber Security News
YONO SBI Banking App Vulnerability Let Attackers Execute a Man-in-the-Middle Attack
A significant security flaw has been identified in the popular YONO SBI banking application that could potentially expose millions of users to cybersecurity threats. The vulnerability, designated as C ...
-
TheCyberThrone
CISA Adds TelelMessage TM SGNL to KEV Catalog
Skip to contentCVE-2025-48927 — Insecure Spring Boot Heap Dump Exposure📌 Description:This vulnerability exists in TeleMessage TM SGNL due to an exposed Spring Boot Actuator /heapdump endpoint, accessi ...
-
Cyber Security News
Critical WordPress Plugin Vulnerability Exposes 600,000+ Sites to Remote Takeover
A severe arbitrary file deletion vulnerability has been discovered in the popular Forminator WordPress plugin, affecting over 600,000 active installations worldwide. The vulnerability, assigned CVE-20 ...