CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Cacti Command Injection Vulnerability Let Attackers Execute Malicious Code Remotely
A critical command injection vulnerability in the open-source network monitoring tool Cacti allows authenticated attackers to execute arbitrary code remotely, potentially compromising the entire monit ...
-
CybersecurityNews
Splunk Enterprise Vulnerabilities Allows Privileges Escalation Via Incorrect File Permissions
A high-severity vulnerability has been disclosed in Splunk affecting its Enterprise and Universal Forwarder products for Windows, stemming from incorrect file permissions during installation and upgra ...
-
CrowdStrike.com
Unveiling WARP PANDA: A New Sophisticated China-Nexus Adversary
Throughout 2025, CrowdStrike has identified multiple intrusions targeting VMware vCenter environments at U.S.-based entities, in which newly identified China-nexus adversary WARP PANDA deployed BRICKS ...
-
The Hacker News
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
Dec 05, 2025Ravie LakshmananVulnerability / Network Security A command injection vulnerability in Array Networks AG Series secure access gateways has been exploited in the wild since August 2025, ac ...
-
CybersecurityNews
China-Nexus Hackers Actively Exploiting React2Shell Vulnerability in The Wild
China-nexus threat groups are racing to weaponize the new React2Shell bug, tracked as CVE-2025-55182, only hours after its public disclosure. The flaw sits in React Server Components and lets an attac ...
-
CybersecurityNews
PoC Exploit Released for Critical React, Next.js RCE Vulnerability (CVE-2025-55182)
A proof-of-concept (PoC) exploit for CVE-2025-55182, a maximum-severity remote code execution (RCE) flaw in React Server Components, surfaced publicly this week, heightening alarms for developers worl ...
-
Daily CyberSecurity
Russia Imposes Network-Level Blockade on Apple’s End-to-End Encrypted FaceTime
Russia has recently imposed a network-level blockade on Apple’s video-calling service FaceTime, which is developed and operated entirely by Apple and provides users with end-to-end encrypted audio and ...
-
Daily CyberSecurity
Apache HTTP Server 2.4.66 Fixes SSRF Flaw (CVE-2025-59775) Exposing NTLM Hashes on Windows and suexec Bypass
The Apache Software Foundation has rolled out a crucial update for the ubiquitous Apache HTTP Server, addressing five distinct security vulnerabilities. The release of version 2.4.66 serves as a cumul ...
-
Daily CyberSecurity
The PDF Trap: Critical Vulnerability (CVE-2025-66516, CVSS 10.0) Hits Apache Tika Core
The Apache Tika toolkit, the industry standard for detecting and extracting metadata from over a thousand file types, has issued a maximum-severity alert. A critical XML External Entity (XXE) vulnerab ...
-
Daily CyberSecurity
“React2Shell” Storm: China-Nexus Groups Weaponize Critical React Flaw Hours After Disclosure
Only hours after the public disclosure of a critical vulnerability in the React ecosystem, state-sponsored cyber espionage groups have already launched active exploitation campaigns. Amazon threat int ...