CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
Critical n8n Vulnerability CVE-2026-25049 Enables Remote Command Execution
A newly disclosed critical vulnerability, tracked as CVE-2026-25049, in the workflow automation platform n8n, allows authenticated users to execute arbitrary system commands on the underlying server ...
-
security.nl
NCSC waarschuwt Ivanti EPMM-klanten: ga ervan uit dat je bent gehackt en meld je
Het Nationaal Cyber Security Centrum (NCSC) waarschuwt organisaties die gebruikmaken van Ivanti Endpoint Manager Mobile (EPMM) dat ze ervan moeten uitgaan dat hun EPMM-server is gehackt. Ook worden de ...
-
CybersecurityNews
APT28 Hackers Exploiting Microsoft Office Vulnerability to Compromise Government Agencies
Russian state-sponsored actors known as APT28 have initiated a sophisticated cyber espionage campaign targeting high-value government and military entities across Europe. The primary targets include m ...
-
reddit.com
CVE-2025-11730: Remote Code Execution via DDNS configuration in ZYXEL ATP/USG Series (V5.41)
Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ...
-
The Hacker News
Critical n8n Flaw CVE-2026-25049 Enables System Command Execution via Malicious Workflows
A new, critical security vulnerability has been disclosed in the n8n workflow automation platform that, if successfully exploited, could result in the execution of arbitrary system commands. The flaw, ...
-
The Hacker News
Hackers Exploit React2Shell to Hijack Web Traffic via Compromised NGINX Servers
Cybersecurity researchers have disclosed details of an active web traffic hijacking campaign that has targeted NGINX installations and management panels like Baota (BT) in an attempt to route it throu ...
-
seclists.org
SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS)
Full Disclosure mailing list archives SEC Consult SA-20260202-0 :: Multiple vulnerabilities in Native Instruments Native Access (MacOS) From: SEC Consult Vulnerability Lab via Fulldisclosure <fulldisc ...
-
seclists.org
CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series
Full Disclosure mailing list archives CyberDanube Security Research 20260119-0 | Authenticated Command Injection in Phoenix Contact TC Router Series From: Thomas Weber | CyberDanube via Fulldisclosure ...
-
seclists.org
[KIS-2026-03] Blesta <= 5.13.1 (2Checkout) Multiple PHP Object Injection Vulnerabilities
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Wed, 4 Feb 2026 11:50:59 +0100 -------------------------------------------------------------------------- Blesta ...
-
seclists.org
[KIS-2026-02] Blesta <= 5.13.1 (Admin Interface) Multiple PHP Object Injection Vulnerabilities
Full Disclosure mailing list archives From: Egidio Romano <n0b0d13s () gmail com> Date: Wed, 4 Feb 2026 11:49:40 +0100 -------------------------------------------------------------------------------- ...