CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Predator Spyware Company Used 15 Zero-Days Since 2021 to Target iOS Users
A commercial spyware company called Intellexa has exploited 15 zero-day vulnerabilities since 2021 to target iOS and Android users worldwide. The company, known for developing the Predator spyware, co ...
-
CybersecurityNews
Critical React2Shell RCE Vulnerability Exploited in the Wild to Execute Malicious Code
A critical remote code execution vulnerability, tracked as CVE-2025-55182 and dubbed “React2Shell,” is now under active exploitation in the wild. GreyNoise researchers have detected opportunistic, lar ...
-
Huntress
Hardening the Hypervisor: Practical Defenses Against Ransomware Targeting ESXi
Hypervisors are the backbone of modern virtualized environments, but when compromised, they can become a force multiplier for attackers. A single breach at this layer can put dozens or even hundreds o ...
-
Daily CyberSecurity
High-Severity Duc Disk Tool Flaw (CVE-2025-13654) Risks DoS and Information Leak via Integer Underflow
A stack-based buffer overflow vulnerability has been discovered in Duc, a popular open-source tool used for indexing and visualizing disk usage on Linux systems. The flaw, tracked as CVE-2025-13654, w ...
-
Daily CyberSecurity
High-Severity lz4-java Flaw (CVE-2025-66566) Leaks Uninitialized Memory During Decompression
A high-severity vulnerability has been unearthed in lz4-java, a widely used Java library for the LZ4 compression algorithm. Tracked as CVE-2025-66566, the flaw carries a CVSS score of 8.2, signaling a ...
-
Daily CyberSecurity
Critical Cal.com Flaw (CVE-2025-66489, CVSS 9.9) Allows Authentication Bypass by Submitting Fake TOTP Codes
A severe security vulnerability has been uncovered in Cal.com, the popular open-source scheduling platform positioned as the successor to Calendly. The flaw, which carries a near-maximum severity rati ...
-
Daily CyberSecurity
High-Severity WatchGuard Flaws Risk VPN DoS and RCE via IKEv2 Memory Corruption
WatchGuard Technologies has released a critical series of security advisories addressing five high-severity vulnerabilities across its Firebox product line. The flaws, which affect the Fireware OS, co ...
-
Daily CyberSecurity
Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain
The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to expand its arsenal despite facing significant geopolitical headwinds. A new ...
-
The Register
Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief: The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit. Tika detects and extracts metadata from over 1,000 different file formats. Last August, Apache reporte ...
-
Daily CyberSecurity
urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion
The maintainers of urllib3, the ubiquitous HTTP client for Python, have issued a security advisory detailing two high-severity vulnerabilities that could allow malicious servers to crash client applic ...