CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal
IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and VIOS 3.1/4.1, including flaws that could allow remote attackers to execute ar ...
-
Daily CyberSecurity
Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards
In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered over 150,000 malicious npm packages linked to a coordinated tea.xyz token f ...
-
Daily CyberSecurity
CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory detailing multiple high-severity vulnerabilities affecting the Lynx+ Gateway manufactured by General Industri ...
-
Daily CyberSecurity
Phishing-as-a-Service Uncovered: Automated Kit Impersonates Aruba S.p.A. to Steal Credentials and Credit Cards
A new report from Group-IB exposes a highly automated phishing framework engineered to impersonate Italian IT and web-services giant Aruba S.p.A., a company serving more than 5.4 million customers and ...
-
krebsonsecurity.com
Microsoft Patch Tuesday, November 2025 Edition
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being explo ...
-
Help Net Security
Week in review: Windows kernel flaw patched, suspected Fortinet FortiWeb zero-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adopting a counterintelligence mindset in luxury logistics In this Help Net Security interview, Andrea ...
-
The Hacker News
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
Nov 15, 2025Ravie LakshmananMalware / Vulnerability The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attac ...
-
CybersecurityNews
Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges
A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnera ...
-
CybersecurityNews
PoC Exploit Tool Released for FortiWeb WAF Vulnerability Exploited in the Wild
A proof-of-concept (PoC) exploit tool for CVE-2025-64446 has been publicly released on GitHub. This vulnerability, affecting FortiWeb devices from Fortinet, involves a critical path traversal flaw tha ...
-
CybersecurityNews
Critical pgAdmin4 Vulnerability Lets Attackers Execute Remote Code on Servers
A severe remote code execution (RCE) flaw has been uncovered in pgAdmin4, the popular open-source interface for PostgreSQL databases. Dubbed CVE-2025-12762, the vulnerability affects versions up to 9. ...