CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
CISA Adds Sierra Router Vulnerability to KEV Catalogue Following Active Exploitation
A critical vulnerability affecting Sierra Wireless routers has been added to its Known Exploited Vulnerabilities (KEV) catalog. This decision comes after evidence emerged that the flaw is being active ...
-
CybersecurityNews
CISA Releases Guidance for Managing UEFI Secure Boot on Enterprise Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), in coordination with the National Security Agency (NSA), has issued new guidance urging enterprises to verify and manage UEFI Secure B ...
-
Daily CyberSecurity
NVIDIA Merlin Flaws Risk AI Pipeline RCE via Unsafe Deserialization in NVTabular & Transformers4Rec
NVIDIA has issued an important security update for its Merlin framework, patching high-severity vulnerabilities that could allow attackers to execute malicious code or tamper with sensitive data withi ...
-
Daily CyberSecurity
Unpatched Windows RasMan Flaw Allows Unprivileged Crash, Enabling Local System Privilege Escalation Exploit
Recently, researchers at 0patch have discovered an unpatched vulnerability in the Windows Remote Access Connection Manager (RasMan) service while investigating a separate, recently patched flaw. The i ...
-
Daily CyberSecurity
Critical pgAdmin RCE (CVE-2025-13780) Flaw Bypasses Fix, Allowing Server Takeover Via Malicious Database Restore
A critical security vulnerability has been discovered in pgAdmin, the world’s most popular open-source management tool for PostgreSQL. The flaw, tracked as CVE-2025-13780, carries a critical CVSS scor ...
-
Daily CyberSecurity
SHADOW-VOID-042 Impersonates Trend Micro in Phishing Campaign to Breach Critical Infrastructure
A sophisticated threat group turned a cybersecurity giant’s reputation against itself, launching a targeted spear-phishing campaign that impersonated Trend Micro to breach defense, energy, and chemica ...
-
Daily CyberSecurity
Critical Plesk Flaw (CVE-2025-66430) Risks Full Server Takeover via LPE and Apache Config Injection
A critical security vulnerability has been discovered in Plesk, a leading web hosting and data center automation platform, potentially handing full server control to unauthorized users. Tracked as CVE ...
-
Daily CyberSecurity
Apache StreamPark Flaw Risks Data Decryption & Token Forgery via Hard-Coded Key and AES ECB Mode
The maintainers of Apache StreamPark, a popular framework for developing streaming applications, have issued a critical security advisory after discovering fundamental flaws in how the platform handle ...
-
Daily CyberSecurity
ImageMagick Flaw Risks Arbitrary Memory Disclosure via PSX TIM File Integer Overflow on 32-bit Systems
A high-severity vulnerability has been uncovered in ImageMagick, the ubiquitous open-source image processing suite used by millions of websites and applications. The flaw, tracked as CVE-2025-66628 (C ...
-
CybersecurityNews
Cybersecurity News Weekly Newsletter – Windows, Chrome, and Apple 0-days, Kali Linux 2025.4, and MITRE Top 25
As 2025 nears its close, the cybersecurity landscape shows no signs of slowing down. This week’s developments highlight how rapidly the threat environment continues to evolve with major zero-day vulne ...