CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cybersecurity News
MirrorFace: Unmasking the Chinese Cyber Espionage Group Targeting Japan
On January 8, 2025, the Japanese National Police Agency (NPA) issued a critical warning regarding ongoing cyberattacks attributed to the MirrorFace group, also known as “Earth Kasha.” Active since 201 ... Read more
-
Cybersecurity News
CVE-2024-54006 & CVE-2024-54007: Command Injection Flaws in HPE Aruba Devices, PoC Publicly Available
HPE Aruba Networking has issued a security advisory addressing multiple command injection vulnerabilities in its 501 Wireless Client Bridge. These flaws, tracked as CVE-2024-54006 and CVE-2024-54007, ... Read more
-
Cybersecurity News
CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution
The open-source VPN software OpenVPN has patched three significant vulnerabilities in OpenVPN 2.6.11, released on June 21, 2024. While the initial announcement mentioned security fixes, the severity o ... Read more
-
Cybersecurity News
CVE-2024-46622 (CVSS 9.8): SecureAge Security Suite Patches Critical Privilege Escalation Flaw
SecureAge Technology has released updates to address a critical privilege escalation vulnerability in its SecureAge Security Suite. The vulnerability, tracked as CVE-2024-46622 and assigned a CVSS sco ... Read more
-
TheCyberThrone
CVE-2025-0282: Affecting Ivanti Products
OverviewCVE-2025-0282 is a critical stack-based buffer overflow vulnerability. It impacts Ivanti Connect Secure, Ivanti Policy Secure, and Ivanti Neurons for Zero Trust Access (ZTA) gateways. This vul ... Read more
-
Trend Micro
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
In December 2024, two critical vulnerabilities in Microsoft's Windows Lightweight Directory Access Protocol (LDAP) were addressed via Microsoft’s monthly Patch Tuesday release. Both vulnerabilities we ... Read more
-
BleepingComputer
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. With more than 20,000 sales, the plugin all ... Read more
-
BleepingComputer
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became ... Read more
-
The Register
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw – and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abu ... Read more
-
Help Net Security
Ivanti Connect Secure zero-day exploited by attackers (CVE-2025-0282)
Ivanti has fixed two vulnerabilities affecting Ivanti Connect Secure, Policy Secure and ZTA gateways, one of which (CVE-2025-0282) has been exploited as a zero-day by attackers to compromise Connect S ... Read more