CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
Fortinet FortiWeb’s CVE-2025-58034: Command Injection Exploited in the Wild
November 20, 2025OverviewOn November 18, 2025, Fortinet disclosed CVE-2025-58034, a medium-severity OS Command Injection vulnerability impacting FortiWeb appliances. Critically, this flaw has been con ...
-
Daily CyberSecurity
Critical ASUSTOR Flaw (CVE-2025-13051) Allows Local DLL Hijacking for SYSTEM Privilege Escalation
ASUSTOR has issued a security advisory warning of a critical DLL hijacking vulnerability affecting its backup and synchronization clients used on Windows systems. Tracked as CVE-2025-13051 and carryin ...
-
Daily CyberSecurity
Critical CVE-2025-65015 Vulnerability in joserfc Could Let Attackers Exhaust Server Resources via Oversized JWT Tokens
A widely used Python library implementing JOSE standards, joserfc, has disclosed a critical uncontrolled resource consumption vulnerability—tracked as CVE-2025-65015 with a CVSS score of 9.2—that can ...
-
Daily CyberSecurity
Cybercriminals Shift Tactics: Group Deploys Multiple RMM Tools (ScreenConnect, LogMeIn, Naverisk) for Redundant Persistence and Access Resale
A highly active cybercriminal group has shifted tactics in a long-running campaign that abuses remote monitoring and management (RMM) software to infiltrate corporate environments. According to a new ...
-
Daily CyberSecurity
Critical Apache Causeway RCE Flaw (CVE-2025-64408) Allows Authenticated Code Execution via Java Deserialization
Apache Causeway, a popular framework for rapidly developing domain-driven Java applications, has been found vulnerable to a critical Java deserialization flaw that could allow authenticated attackers ...
-
Daily CyberSecurity
No More Public BSODs: Windows 11 Will Hide Crash Screens on Public Displays
For many public venues, large displays are used to show advertisements or important information — airports, for instance, rely on expansive screens to present flight arrivals and departures. Some of t ...
-
The Register
Fortinet 'fesses up to second 0-day within a week
Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product tha ...
-
seclists.org
[REVIVE-SA-2025-004] Revive Adserver Vulnerabilities
Full Disclosure mailing list archives From: Matteo Beccati <php () beccati com> Date: Wed, 19 Nov 2025 15:26:12 +0100 ======================================================================== Revive Ad ...
-
seclists.org
[REVIVE-SA-2025-003] Revive Adserver Vulnerabilities
Full Disclosure mailing list archives From: Matteo Beccati <php () beccati com> Date: Wed, 19 Nov 2025 11:05:36 +0100 ======================================================================== Revive Ad ...
-
BleepingComputer
W3 Total Cache WordPress plugin vulnerable to PHP command injection
A critical flaw in the W3 Total Cache (W3TC) WordPress plugin can be exploited to run PHP commands on the server by posting a comment that contains a malicious payload. The vulnerability, tracked as C ...