CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
Half of exposed React servers remain unpatched amid active exploitation
Half of the internet-facing systems vulnerable to a fast-moving React remote code execution flaw remain unpatched, even as exploitation has exploded into more than a dozen active attack clusters rangi ...
-
BleepingComputer
New Windows RasMan zero-day flaw gets free, unofficial patches
Free unofficial patches are available for a new Windows zero-day vulnerability that allows attackers to crash the Remote Access Connection Manager (RasMan) service. RasMan is a critical Windows system ...
-
security.nl
CISA: organisaties opnieuw aangevallen via beveiligingslek in GeoServer
Organisaties zijn opnieuw aangevallen via een kwetsbaarheid in GeoServer, zo laat het Amerikaanse cyberagentschap CISA weten. Afgelopen september meldde het CISA nog dat een federale Amerikaanse overh ...
-
BleepingComputer
CISA orders feds to patch actively exploited Geoserver flaw
CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ref ...
-
0patch.com
Free Micropatches for Windows Remote Access Connection Manager DoS (0day)
During our investigation of CVE-2025-59230, a Windows Remote Access Connection Manager elevation of privilege vulnerability that was patched by Microsoft with October 2025 Windows updates, we found an ...
-
CybersecurityNews
Apache Struts 2 DoS Vulnerability Let Attackers Crash Server
A critical denial-of-service vulnerability has been discovered in Apache Struts 2, affecting multiple versions of the popular web application framework. The vulnerability, identified as CVE-2025-64775 ...
-
The Hacker News
New React RSC Vulnerabilities Enable DoS and Source Code Exposure
Dec 12, 2025Ravie LakshmananSoftware Security / Vulnerability The React team has released fixes for two new types of flaws in React Server Components (RSC) that, if successfully exploited, could res ...
-
The Hacker News
React2Shell Exploitation Escalates into Large-Scale Global Attacks, Forcing Emergency Mitigation
Dec 12, 2025Ravie LakshmananVulnerability / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to patch the recent React2Shell vulnerabil ...
-
CybersecurityNews
Windows Remote Access Connection Manager Vulnerabilities Let Attackers Escalate Privileges
Two critical privilege escalation flaws were disclosed in the Windows Remote Access Connection Manager on December 9, 2025. The vulnerabilities, tracked as CVE-2025-62472 and CVE-2025-62474, allow aut ...
-
The Cyber Express
Password Manager LastPass Penalized £1.2m by ICO for Security Failures
The Information Commissioner’s Office (ICO) has fined password manager provider LastPass UK Ltd £1.2 million following a 2022 data breach that compromised the personal information of up to 1.6 million ...