CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
'Exploitation is imminent' as 39 percent of cloud environs have max-severity React hole
A maximum-severity flaw in the widely used JavaScript library React, and several React-based frameworks including Next.js allows unauthenticated, remote attackers to execute malicious code on vulnerab ...
-
BleepingComputer
Critical flaw in WordPress add-on for Elementor exploited in attacks
Attackers are exploiting a critical-severity privilege escalation vulnerability (CVE-2025–8489) in the King Addons for Elementor plugin for WordPress, which lets them obtain administrative permissions ...
-
The Hacker News
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Dec 03, 2025Ravie LakshmananVulnerability / Cloud Security A maximum-severity security flaw has been disclosed in React Server Components (RSC) that, if successfully exploited, could result in remot ...
-
CybersecurityNews
Longwatch RCE Vulnerability Let Attackers Execute Remote Code With Elevated Privileges
A critical security vulnerability has been discovered in Industrial Video & Control’s Longwatch video surveillance system, allowing attackers to execute malicious code with elevated privileges remotel ...
-
The Hacker News
Microsoft Silently Patches Windows LNK Flaw After Years of Active Exploitation
Dec 03, 2025Ravie LakshmananVulnerability / Endpoint Security Microsoft has silently plugged a security flaw that has been exploited by several threat actors since 2017 as part of the company's Nove ...
-
The Hacker News
WordPress King Addons Flaw Under Active Attack Lets Hackers Make Admin Accounts
Dec 03, 2025Ravie LakshmananVulnerability / Website Security A critical security flaw impacting a WordPress plugin known as King Addons for Elementor has come under active exploitation in the wild. ...
-
BleepingComputer
Microsoft "mitigates" Windows LNK flaw exploited as zero-day
Microsoft has silently "mitigated" a high-severity Windows LNK vulnerability exploited by multiple state-backed and cybercrime hacking groups in zero-day attacks. Tracked as CVE-2025-9491, this securi ...
-
CybersecurityNews
K7 Antivirus Vulnerability Allows Attackers Gain SYSTEM-level Privileges
A serious privilege escalation vulnerability in K7 Ultimate Security, an antivirus product from K7 Computing, was found by abusing named pipes with overly permissive access control lists. This flaw en ...
-
CybersecurityNews
Microsoft Patched Windows LNK Vulnerability Abused by Hackers to Hide Malicious Code
Microsoft has silently patched a Windows shortcut vulnerability that threat actors have been exploiting since 2017 to hide malicious commands from users inspecting file properties. The flaw, tracked a ...
-
Google Cloud
Sanctioned but Still Spying: Intellexa’s Prolific Zero-Day Exploits Continue
Introduction Despite extensive scrutiny and public reporting, commercial surveillance vendors continue to operate unimpeded. A prominent name continues to surface in the world of mercenary spyware, In ...