CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
cert.pl
Vulnerability in EAP Legislator software
Vulnerability in EAP Legislator software CVE ID CVE-2026-1186 Publication date 02 February 2026 Vendor ABC PRO Product EAP Legislator Vulnerable versions All through 2.25 Vulnerability type (CWE) Impr ...
-
Daily CyberSecurity
Notepad++ Hijacked: State-Sponsored Actors Poisoned Updates for Months
The developer behind Notepad++, the ubiquitous open-source text editor found on millions of developer desktops, has confirmed a severe security incident involving a months-long compromise of its updat ...
-
Daily CyberSecurity
Silent Intruder: “EncystPHP” Web Shell Burrows into FreePBX Systems
The EncystPHP file flow | Image: FortiGuard Labs A sophisticated new web shell has been discovered burrowing into communication infrastructure, leveraging a critical vulnerability to turn innocent pho ...
-
CybersecurityNews
Critical Johnson Controls Products Vulnerabilities Enables Remote SQL Injection Attacks
A critical advisory addressing a severe SQL injection vulnerability affecting multiple Johnson Controls industrial control system products. The vulnerability, tracked as CVE-2025-26385, carries a maxi ...
-
Help Net Security
Week in review: Microsoft fixes exploited Office zero-day, Fortinet patches FortiCloud SSO flaw
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: When open science meets real-world cybersecurity In this Help Net Security interview, Matthew Kwiatkow ...
-
CybersecurityNews
SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations
A medium-severity vulnerability in the Iconics Suite SCADA system that could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-20 ...
-
CybersecurityNews
Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail
The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting commonly used enterp ...
-
TheCyberThrone
Ivanti EPMM Zero-Days CVE-2026-1281 & CVE-2026-1340
January 31, 2026Ivanti has issued a critical security advisory for two zero-day remote code execution (RCE) vulnerabilities in Endpoint Manager Mobile (EPMM), actively exploited in the wild. CVE-2026- ...
-
The Register
January blues return as Ivanti coughs up exploited EPMM zero-days
Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterpr ...
-
SentinelOne
The Good, the Bad and the Ugly in Cybersecurity – Week 5
The Good | U.S. Authorities Charge ATM Hackers, Dismantle Darkmarket, and Seize ‘RAMP’ Forum A U.S. federal grand jury has charged 31 defendants for their roles in an ATM jackpotting operation linked ...