CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Hacker News
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
Nov 01, 2025Ravie LakshmananArtificial Intelligence / Vulnerability The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE device ...
-
Daily CyberSecurity
Critical WordPress Theme Flaw (CVE-2025-5397, CVSS 9.8) Under Active Exploitation Allows Unauthenticated Admin Takeover
An extremely severe security vulnerability has been discovered and is being actively exploited in the Jobmonster – Job Board WordPress Theme, a popular theme used by nearly 5.6k customers to connect e ...
-
Daily CyberSecurity
Critical WordPress Plugin Flaw (CVE-2025-8489, CVSS 9.8) Allows Unauthenticated Admin Takeover
A critical security vulnerability has been identified and is being actively exploited in the King Addons for Elementor plugin, a popular toolkit used by over 10,000 active WordPress installations. The ...
-
Daily CyberSecurity
CVE-2025-11833 (CVSS 9.8): Critical Flaw Exposes 400,000 WordPress Sites to Unauthenticated Account Takeover
The Post SMTP plugin, used by over 400,000 WordPress sites to ensure reliable email delivery, has been found to contain a critical Missing Authorization vulnerability that can lead to complete Account ...
-
CybersecurityNews
CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a critical use-after-free vulnerability in the Linux kernel, tracked as CVE-2024-1086. This vulnerabil ...
-
CybersecurityNews
Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell
Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthoriz ...
-
TheCyberThrone
CVE-2025-9491: In-depth Technical Analysis and Mitigation Strategies
November 1, 2025In August 2025, a critical vulnerability tracked as CVE-2025-9491 was publicly disclosed, impacting Microsoft Windows operating systems via a sophisticated UI misrepresentation attack ...
-
CybersecurityNews
Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations
Windows Server Update Services (WSUS) vulnerability is actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vuln ...
-
Ars Technica
Two Windows vulnerabilities, one a 0-day, are under active exploitation
Two Windows vulnerabilities—one a zero-day that has been known to attackers since 2017 and the other a critical flaw that Microsoft initially tried and failed to patch recently—are under active exploi ...
-
CybersecurityNews
Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data
In mid-2025, researchers discovered a sophisticated campaign orchestrated by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) targeting organizations relying on Motex LANSCO ...