CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Cyber Security News
WordPress Plugin Vulnerability Exposes Millions of Websites to Script Injection Attacks
A critical security vulnerability in the Essential Addons for Elementor plugin (CVE-2025-24752) has put over two million WordPress websites at risk of cross-site scripting (XSS) attacks. The vulnerabi ...
-
Cyber Security News
2850+ Ivanti Connect Secure Devices Vulnerable to Remote Code Execution Attacks
A critical vulnerability, CVE-2025-22467, in Ivanti Connect Secure (ICS) devices has left approximately 2,850 instances worldwide unpatched and vulnerable to remote code execution (RCE) attacks. This ...
-
The Register
200-plus impressively convincing GitHub repos are serving up malware
Infosec bytes Kaspersky says it has found more than 200 GitHub repos hosting fairly convincing-looking fake projects laced with malicious software. The Russian infosec house reckons the rotten reposit ...
-
Cyber Security News
CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on February 25, 2025, confirming that threat actors are actively exploiting a critical privilege escalation v ...
-
The Hacker News
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation
Enterprise Security / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collabor ...
-
Cybersecurity News
CVE-2024-12084 & CVE-2024-12085: Rsync Flaws Allow Hackers to Take Over Servers, PoC Published
A set of high-risk vulnerabilities has been disclosed in Rsync, the widely used file synchronization and data transfer tool. Security researchers Simon Scannell, Pedro Gallegos, and Jasiel Spelman fro ...
-
Cybersecurity News
SoaPy: A New Tool for Stealthy Active Directory Enumeration via ADWS
Enumeration of service accounts using SoaPy | Image: IBMIBM X-Force Research has introduced SoaPy, a new Python-based tool designed for stealthy Active Directory (AD) enumeration using Active Director ...
-
Cybersecurity News
CISA Flags Actively Exploited Zimbra (CVE-2023-34192) and Microsoft (CVE-2024-49035) Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning, adding two critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This move underscores the ur ...
-
Cybersecurity News
CVE-2025-24752: Massive WordPress Plugin Vulnerability Exposes Millions to XSS Attacks
A high-severity security flaw has been discovered in the widely used WordPress plugin, Essential Addons for Elementor, putting over two million websites at risk. The vulnerability, tracked as CVE-2025 ...
-
Cybersecurity News
OpenH264 Codec Vulnerability (CVE-2025-27091): Remote Code Execution Possible
Cisco has released a security advisory concerning a high-severity vulnerability in the OpenH264 codec library. Tracked as CVE-2025-27091 and assigned a CVSSv4 score of 8.6, this vulnerability could al ...