CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical METZ CONNECT Flaws (CVSS 9.8) Allow Unauthenticated RCE and Admin Takeover on Industrial Controllers
METZ CONNECT GmbH, in coordination with CERT@VDE, has issued an urgent security advisory warning of multiple critical vulnerabilities affecting its EWIO-2 series, including Energy-Controlling EWIO2-M, ...
-
Daily CyberSecurity
9 Million Installs: Malicious Chrome VPN Extensions Hijack User Traffic Via Remote PAC Proxy Injection
One of the Malicious ‘Free Unlimited VPN’ in store | Image: LayerX Security researchers at LayerX Security have uncovered a long-running malicious campaign involving VPN and ad-blocking browser extens ...
-
Daily CyberSecurity
Critical SolarWinds Serv-U Flaws (CVSS 9.1) Allow Authenticated Admin RCE and Path Bypass
SolarWinds has released security updates addressing three critical vulnerabilities in Serv-U—its managed file transfer and FTP server platform—each carrying a CVSS score of 9.1 and enabling remote cod ...
-
Daily CyberSecurity
Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography
The Splunk Threat Research Team (STRT) has uncovered a new variant of a .NET steganographic malware loader that hides malicious payloads inside image files and ultimately deploys LokiBot, one of the m ...
-
cloudsecurityalliance.org
Microsoft Entra ID Vulnerability: The Discovery That Shook Identity Security
Written by Shravan Konthalapally and Shubham Takankhar. In July 2025, the cybersecurity world was rocked by security researcher Dirk-jan Mollema’s unveiling of a catastrophic vulnerability within Mic ...
-
The Register
Self-replicating botnet attacks Ray clusters
Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches di ...
-
BleepingComputer
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. Developed by Anyscale, the Ray op ...
-
The Cyber Express
W3 Total Cache Vulnerability Puts Over One Million WordPress Sites at Risk
A severe security flaw has been discovered in the popular W3 Total Cache WordPress plugin, potentially exposing more than one million websites to remote code execution (RCE). The vulnerability, offici ...
-
The Cyber Express
Fortinet Silent Patch Raises Concern Among Security Researchers
Fortinet may have silently patched an exploited zero-day vulnerability more than two weeks before officially disclosing the vulnerability. CVE-2025-64446 in Fortinet’s FortiWeb web application firewal ...
-
BleepingComputer
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. Tracked as CVE-2025-58034, this web application firewall ...