CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical FreePBX Flaw (CVE-2025-66039) Risks PBX Takeover via Authentication Bypass in ‘webserver’ Auth Mode
A critical security vulnerability has been discovered in FreePBX, the world’s most popular open-source PBX platform, potentially leaving thousands of phone systems vulnerable to complete takeover. Tra ...
-
Daily CyberSecurity
Windows Admin Center Flaw (CVE-2025-64669): How a Simple Folder Permission Opened the Door to SYSTEM Access
A high-severity security oversight in Microsoft’s Windows Admin Center (WAC) has been unearthed, revealing how a basic permission error could allow any standard user to seize complete control of a ser ...
-
Daily CyberSecurity
GhostPairing: New Attack Hijacks WhatsApp via Linked Devices, Tricking Users with Fake Facebook QR Code
A deceptive new cyberattack campaign is turning one of WhatsApp’s most convenient features into a weapon, allowing hackers to take full control of user accounts without ever stealing a password or tou ...
-
Daily CyberSecurity
Profit Over Safety: Meta Earns $3B from Chinese Scam Ads, Executives Tolerated Fraud for Revenue Growth
Although Meta cannot offer services such as Facebook and Instagram within China, Chinese advertisers nonetheless constitute a critical pillar of its revenue. Yet beneath this relationship appears to l ...
-
CybersecurityNews
Russian Hackers Attacking Network Edge Devices in Western Critical Infrastructure
A Russian state-sponsored hacking group has been targeting network edge devices in Western critical infrastructure since 2021, with operations intensifying throughout 2025. The campaign, linked to Rus ...
-
CybersecurityNews
Microsoft Details Mitigations Against React2Shell RCE Vulnerability in React Server Components
Microsoft has released comprehensive mitigations for a critical vulnerability dubbed React2Shell (CVE-2025-55182), which poses severe risks to React Server Components and Next.js environments. With a ...
-
BleepingComputer
Hackers exploit newly patched Fortinet auth bypass flaws
Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to admin accounts and steal system configuration files. The two vulnerabilities ...
-
CybersecurityNews
CISA Warns of Apple WebKit Vulnerability 0-Day Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical zero-day vulnerability in Apple WebKit that is currently being actively exploited in attacks. CISA has added CVE-2025-43529 to its catalog of vul ...
-
BleepingComputer
The Hidden Risk in Virtualization: Why Hypervisors are a Ransomware Magnet
Author: Dray Agha, Senior Manager, Hunt & Response, at Huntress Labs Hypervisors are the backbone of modern virtualized environments, but when compromised, they can become a force multiplier for attac ...
-
CybersecurityNews
Fortinet FortiWeb Vulnerability (CVE-2025-64446) Exploited in the Wild for Full Admin Takeover
Threat actors have been actively exploiting a critical path-traversal vulnerability in Fortinet’s FortiWeb web application firewall since early October 2025, allowing unauthenticated attackers to crea ...