CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

-
Cybersecurity News
CVE-2024-41787 (CVSS 9.8): Critical IBM DOORS Next Flaw Enables Remote Code Execution
IBM has issued an urgent security bulletin regarding two critical vulnerabilities affecting its Engineering Requirements Management DOORS Next software. Identified as CVE-2024-41779 and CVE-2024-41787 ... Read more

-
Cybersecurity News
Unauthenticated Attackers Can Exploit Junos Vulnerabilities (CVE-2025-21598 & CVE-2025-21599)
Juniper Networks has released advisories detailing two significant vulnerabilities affecting their Junos OS and Junos OS Evolved systems. Both issues highlight risks for network administrators and und ... Read more

-
The Register
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug
"Several cloud deployments" are already compromised following the disclosure of the maximum-severity vulnerability in Aviatrix Controller, researchers say. CVE-2024-50603 leads to remote code executio ... Read more

-
BleepingComputer
CISA orders agencies to patch BeyondTrust bug exploited in attacks
CISA has tagged a command injection vulnerability (CVE-2024-12686) in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks. As mandated by the Binding ... Read more

-
Dark Reading
Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw
Source: Everett Collection Historical via Alamy Stock PhotoMultiple threat actors are actively targeting a recently disclosed maximum-severity security bug in the Aviatrix Controller centralized manag ... Read more

-
Help Net Security
UK domain registry Nominet breached via Ivanti zero-day
The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In th ... Read more

-
Kaspersky
Trusted-relationship cyberattacks and their prevention
supply chain Attacks on companies via their suppliers and contractors are becoming increasingly widespread. How can you manage this risk? January 13, 2025 The old saying, “A chain is only as strong as ... Read more

-
BleepingComputer
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. System I ... Read more

-
BleepingComputer
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. The Aviatrix Control ... Read more

-
BleepingComputer
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. The comp ... Read more