CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
High-Severity Cacti Flaw (CVE-2025-66399) Risks Remote Code Execution via SNMP Community String Injection
Image: Cacti A high-severity security flaw has been uncovered in Cacti, the popular open-source network graphing solution. The vulnerability, tracked as CVE-2025-66399, exposes Cacti installations to ...
-
Daily CyberSecurity
NVIDIA Triton Server Patches Two High-Severity DoS Flaws, Risking Critical AI Inference Disruption
NVIDIA has issued a security bulletin regarding its Triton Inference Server, a cornerstone tool used by MLOps teams globally to deploy AI models at scale. The company has identified two high-severity ...
-
The Cloudflare Blog
Cloudflare outage on December 5, 2025
2025-12-055 min readOn December 5, 2025, at 08:47 UTC (all times in this blog are UTC), a portion of Cloudflare’s network began experiencing significant failures. The incident was resolved at 09:12 (~ ...
-
Trend Micro
Critical React Server Components Vulnerability CVE-2025-55182: What Security Teams Need to Know
Main Takeaways: CVE-2025-55182 is a critical (CVSS 10.0) pre-authentication remote code execution vulnerability affecting React Server Components used in React.js, Next.js, and related frameworks (see ...
-
BleepingComputer
Hackers are exploiting ArrayOS AG VPN flaw to plant webshells
Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users. Array Networks fixed the vulnerability in a May security ...
-
The Cyber Express
Sanctioned Spyware Vendor Used iOS Zero-Day Exploit Chain Against Egyptian Targets
Google Threat Intelligence Group discovered a full iOS zero-day exploit chain deployed in the wild against targets in Egypt, revealing how sanctioned commercial surveillance vendor Intellexa continues ...
-
Kaspersky
CVE-2025-55182 vulnerability in React and Next.js | Kaspersky official blog
On December 3, it became known about the coordinated elimination of the critical vulnerability CVE-2025-55182 (CVSSv3 — 10), which was found in React server components (RSC), as well as in a number of ...
-
CybersecurityNews
CISA Warns of OpenPLC ScadaBR File Upload Vulnerability Exploited in Attacks
Critical vulnerability has been added to CISA’s Known Exploited Vulnerabilities list, warning organizations about a dangerous file-upload flaw in OpenPLC ScadaBR systems. The vulnerability allows remo ...
-
BleepingComputer
Critical React, Next.js flaw lets hackers execute code on servers
A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications. Th ...
-
The Register
Microsoft quietly shuts down Windows shortcut flaw after years of espionage abuse
Microsoft has quietly closed off a critical Windows shortcut file bug long abused by espionage and cybercrime networks. The flaw, tracked as CVE-2025-9491, allows malicious .lnk shortcut files to hide ...