CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
BleepingComputer
Dartmouth College confirms data breach after Clop extortion attack
Dartmouth College has disclosed a data breach after the Clop extortion gang leaked data allegedly stolen from the school's Oracle E-Business Suite servers on its dark web leak site. The private Ivy L ...
-
CybersecurityNews
Canon Allegedly Breached by Clop Ransomware via Oracle E-Business Suite 0-Day Hack
Canon has officially confirmed that it was targeted during the widespread hacking campaign exploiting a critical zero-day vulnerability in Oracle E-Business Suite (EBS). The attack, orchestrated by th ...
-
CybersecurityNews
HashiCorp Vault Vulnerability Allow Attackers to Authenticate to Vault Without Valid Credentials
A critical security flaw has been discovered in HashiCorp’s Vault Terraform Provider that could allow attackers to bypass authentication and access Vault without valid credentials. The vulnerability, ...
-
The Hacker News
CISA Warns of Active Spyware Campaigns Hijacking High-Value Signal and WhatsApp Users
Nov 25, 2025Ravie LakshmananSpyware / Mobile Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday issued an alert warning of bad actors actively leveraging commercial ...
-
Daily CyberSecurity
CRITICAL: Fluent Bit Flaws Enable RCE and Telemetry Tampering in Major Orgs
Oligo Security researchers have uncovered a dangerous chain of vulnerabilities in Fluent Bit, the popular, lightweight telemetry agent used by major organizations—including in finance, delivery apps, ...
-
CybersecurityNews
NVIDIA’s Isaac-GROOT Robotics Platform Vulnerability Let Attackers Inject Malicious Codes
NVIDIA has disclosed two critical code injection vulnerabilities affecting its Isaac-GR00T robotics platform. The vulnerabilities, tracked as CVE-2025-33183 and CVE-2025-33184, exist within Python com ...
-
Daily CyberSecurity
Apache Syncope Flaw (CVE-2025-65998) Exposes Encrypted User Passwords Due to Hard-Coded AES Key
Apache has issued an important security advisory warning that Apache Syncope, the widely used open-source identity management platform, contains a critical design flaw that can expose user passwords s ...
-
Daily CyberSecurity
Critical WordPress Flaw (CVE-2025-6389, CVSS 9.8) Under Active Exploitation Allows Unauthenticated RCE
A newly disclosed critical vulnerability in the Sneeit Framework — a widely used WordPress plugin powering premium themes such as FlatNews — is being actively targeted in the wild. Assigned CVE-2025-6 ...
-
Daily CyberSecurity
High-Severity Vault Flaw (CVE-2025-13357) Allows Unauthenticated Access via LDAP Null Bind Insecure Default
HashiCorp has released an important security advisory addressing a misconfiguration flaw in the Vault Terraform Provider that could allow attackers to authenticate to Vault without valid credentials w ...
-
Daily CyberSecurity
Critical Unpatched Flaw: Vivotek EOL IP Cameras Exposed to Unauthenticated RCE via Command Injection
The Akamai Security Intelligence and Response Team (SIRT) has uncovered a previously undocumented — and still widely exploitable — unauthenticated command-injection vulnerability in legacy Vivotek IP ...