CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
Microsoft Patch Tuesday January 2026: Actively Exploited Zero Day, 8 High-Risk Flaws
Microsoft’s Patch Tuesday January 2026 update includes fixes for one actively-exploited zero day vulnerability and eight additional high-risk flaws. In all, the Patch Tuesday January 2026 update inclu ...
-
The Register
Popular Python libraries used in Hugging Face models subject to poisoned metadata attack
Vulnerabilities in popular AI and ML Python libraries used in Hugging Face models with tens of millions of downloads allow remote attackers to hide malicious code in metadata. The code then executes a ...
-
Zero Day Initiative
The January 2026 Security Update Review
I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop patch Tuesday from coming. Put aside you broken New Year’s resolutions for just a moment as we review the latest security patc ...
-
BleepingComputer
Microsoft January 2026 Patch Tuesday fixes 3 zero-days, 114 flaws
Today is Microsoft's January 2026 Patch Tuesday with security updates for 114 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities.This Patch Tuesday also addres ...
-
CybersecurityNews
Microsoft Patch Tuesday January 2026 – 114 Vulnerabilities Fixed Including 3 Zero-days
CVE-2026-20822Windows Graphics Component Elevation of Privilege VulnerabilityElevation of PrivilegeCVE-2026-20876Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerabilit ...
-
The Cyber Express
What Is a DNS Attack? Understanding the Risks and Threats
In 2026, when websites, apps, and online services drive nearly every aspect of daily life, the Domain Name System (DNS) acts as the internet’s unsung hero. It serves as the bridge between humans and m ...
-
CybersecurityNews
FortiSandbox SSRF Vulnerability Allow Attacker to proxy Internal Traffic via Crafted HTTP Requests
Fortinet disclosed a Server-Side Request Forgery (SSRF) vulnerability in its FortiSandbox appliance on January 13, 2026, urging users to update amid risks of internal network proxied requests. Tracked ...
-
CybersecurityNews
Node.js Security Release Patches 7 Vulnerabilities Across All Release Lines
Node.js issued critical security updates across its active release lines on January 13, 2026, patching vulnerabilities that could lead to memory leaks, denial-of-service attacks, and permission bypass ...
-
CybersecurityNews
8000+ SmarterMail Hosts Vulnerable to RCE Attack – PoC Exploit Released
Over 8,000 internet-exposed SmarterMail servers remain vulnerable to a critical remote code execution flaw tracked as CVE-2025-52691, according to scans conducted on January 12, 2026. Security researc ...
-
CybersecurityNews
Critical OpenSSH Vulnerability Exposes Moxa Ethernet Switches to Remote Code Execution
Moxa has issued a critical security advisory regarding CVE-2023-38408, a severe vulnerability in OpenSSH affecting multiple Ethernet switch models. The flaw, with a CVSS 3.1 score of 9.8, allows unaut ...