CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Hacker News
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, ...
-
The Hacker News
Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it throu ...
-
seclists.org
SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)
Full Disclosure mailing list archives SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS) From: SEC Consult Vulnerability Lab via Fulldisclosure <fulldisc ...
-
seclists.org
CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series
Full Disclosure mailing list archives CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series From: Thomas Weber | CyberDanube via Fulldisclosure ...
-
seclists.org
[KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Wed, 4 Feb 2026 11:50:59 +0100 -------------------------------------------------------------------------- Blesta ...
-
seclists.org
[KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Wed, 4 Feb 2026 11:49:40 +0100 -------------------------------------------------------------------------------- ...
-
seclists.org
[KIS-2026-01] Blesta <= 5.13.1 (confirm_url) Reflected Cross-Site Scripting Vulnerability
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Wed, 4 Feb 2026 11:47:47 +0100 --------------------------------------------------------------------------- Blest ...
-
CybersecurityNews
Amaranth-Dragon Exploiting WinRAR Vulnerability to Gain Persistent to Victim Systems
A sophisticated cyber-espionage group known as Amaranth-Dragon has launched a series of highly targeted attacks against government and law enforcement agencies across Southeast Asia. Active throughout ...
-
Daily CyberSecurity
10 Days to Exploit: Amaranth-Dragon Weaponizes WinRAR Flaw to Spy on SE Asia
A new and relentless cyber-espionage campaign is sweeping across government and law enforcement agencies in Southeast Asia, driven by a threat group that wastes no time in weaponizing freshly disclose ...
-
CybersecurityNews
CISA Warns of VMware ESXi 0-day Vulnerability Exploited in Ransomware Attacks
VMware ESXi 0-day Ransomware Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently confirmed that ransomware groups are actively exploiting CVE-2025-22225, a high-severity V ...