CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CISA Warns: Critical Iskra iHUB Flaw (CVE-2025-13510) Allows Unauthenticated Smart Metering Takeover
A critical security vacuum has been discovered in smart metering infrastructure, potentially leaving utility networks exposed to remote takeover. The Cybersecurity and Infrastructure Security Agency ( ...
-
Daily CyberSecurity
Critical Elementor Plugin Flaw (CVE-2025-8489, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover
A critical security flaw in a popular WordPress plugin has triggered a massive wave of exploitation attempts, with threat actors actively trying to seize control of vulnerable websites by registering ...
-
Daily CyberSecurity
High-Severity Angular Flaw (CVE-2025-66412) Allows Stored XSS via SVG and MathML Bypass
The maintainers of Angular, the popular platform for building mobile and desktop web applications, have released an important security advisory regarding a high-severity vulnerability in the Angular T ...
-
The Cloudflare Blog
Cloudflare WAF proactively protects against React vulnerability
2025-12-031 min readCloudflare has deployed a new protection to address a vulnerability in React Server Components (RSC). All Cloudflare customers are automatically protected, including those on free ...
-
The Cyber Express
CISA Warns that Two Android Vulnerabilities Are Under Attack
CISA warned today that two Android zero-day vulnerabilities are under active attack, within hours of Google releasing patches for the flaws. Both are high-severity Android framework vulnerabilities. C ...
-
The Register
Two Android 0-day bugs disclosed and fixed, plus 105 more to patch
Two high-severity Android bugs were exploited as zero-days before Google issued a fix, according to its December Android security bulletin. The two vulnerabilities are CVE-2025-48633, an information-d ...
-
The Register
University of Pennsylvania joins list of victims from Clop's Oracle EBS raid
The University of Pennsylvania has become the latest victim of Clop's smash-and-grab spree against Oracle's E-Business Suite (EBS) customers, with the Ivy League school now warning more than a thousan ...
-
europa.eu
Cyber Brief 25-12 - November 2025
Cyber Brief (November 2025)December 2, 2025 - Version: 1TLP:CLEARExecutive summaryWe analysed 277 open source reports for this Cyber Security Brief1.Relating to cyber policy and law enforcement, Opera ...
-
Help Net Security
Google fixes Android vulnerabilities “under targeted exploitation” (CVE-2025-48633, CVE-2025-48572)
Google has shipped patches for 51 Android vulnerabilities, including two high-severity flaws (CVE-2025-48633, CVE-2025-48572) that “may be under limited, targeted exploitation”. According to the Decem ...
-
DataBreaches.Net
How a noisy ransomware intrusion exposed a long-term espionage foothold
Zeljka Zorz reports: Getting breached by two separate and likely unconnected cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining: the noisie ...