CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
seclists.org
Dovecot CVE-2025-30189: Auth cache causes access to wrong account
Full Disclosure mailing list archives Dovecot CVE-2025-30189: Auth cache causes access to wrong account From: Aki Tuomi via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 29 Oct 2025 10:22 ...
-
Daily CyberSecurity
Researcher Details Critical Authentication Bypasses in WSO2 API Manager and Identity Server
Security researcher Crnkovic has disclosed three critical vulnerabilities — CVE-2025-9152, CVE-2025-10611, and CVE-2025-9804 — in WSO2 API Manager and WSO2 Identity Server, each scoring 9.8 on the CVS ...
-
Daily CyberSecurity
TEE.fail: Researchers Break Intel SGX/TDX and AMD SEV-SNP with Sub-$1,000 DDR5 Memory Bus Attack
In a study titled “TEE.fail: Breaking Trusted Execution Environments via DDR5 Memory Bus Interposition,” researchers from Georgia Tech and Purdue University have demonstrated that even the latest Inte ...
-
Daily CyberSecurity
Researcher Details Windows Cloud Files Mini Filter Driver Elevation of Privilege Flaw (CVE-2025-55680)
Researchers from Exodus Intelligence, led by Michele Campa, have disclosed a privilege-escalation vulnerability in Microsoft’s Cloud Files Minifilter driver (cldflt.sys) that affects all versions of W ...
-
BleepingComputer
WordPress security plugin exposes private data to site subscribers
The Anti-Malware Security and Brute-Force Firewall plugin for WordPress, installed on over 100,000 sites, has a vulnerability that allows subscribers to read any file on the server, potentially exposi ...
-
hackread.com
Hackers Hijack Corporate XWiki Servers for Crypto Mining
A critical security flaw is being actively exploited by cybercriminals to compromise corporate XWiki servers for cryptomining. This is an urgent threat targeting unpatched installations of the open-so ...
-
CybersecurityNews
WordPress Plugin Vulnerability Exposes 7 Million Sites to XSS Attack
A critical cross-site scripting (XSS) vulnerability has been discovered in the popular LiteSpeed Cache plugin for WordPress, affecting millions of websites worldwide. The vulnerability, tracked as CVE ...
-
CybersecurityNews
Hikvision Exploiter – An Automated Exploitation Toolkit Targeting Hikvision IP Cameras
A new open-source tool called HikvisionExploiter has emerged, designed to automate attacks on vulnerable Hikvision IP cameras. Released on GitHub in mid-2024 but gaining renewed attention amid 2025’s ...
-
The Hacker News
Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices
Oct 29, 2025Ravie LakshmananVulnerability / Internet of Things Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways ...
-
CybersecurityNews
PoC Exploit Released for BIND 9 Vulnerability that Let Attackers Forge DNS Records
A public exploit code demonstrating how attackers could exploit CVE-2025-40778, a critical vulnerability in BIND 9 that enables DNS cache poisoning. The Internet Systems Consortium (ISC) initially dis ...