CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CVE-2026-23830: Critical SandboxJS Flaw (CVSS 10) Allows Total Sandbox Escape
A perfect storm of missing checks has led to a maximum-severity vulnerability in SandboxJS, a library designed to safely execute untrusted JavaScript code. Tracked as CVE-2026-23830, the flaw carries ...
-
Daily CyberSecurity
CVE-2025-14988: Critical 9.8 Vulnerability hits ibaPDA Industrial Software
A critical security vulnerability has been identified in ibaPDA, a core data acquisition system used in industrial environments to monitor and analyze process data. Tracked as CVE-2025-14988, the flaw ...
-
The Cyber Express
Malicious Open Source Software Packages Neared 500,000 in 2025
Malicious open source software packages have become a critical problem threatening the software supply chain. That’s one of the major takeaways of a new report titled “State of the Software Supply Cha ...
-
The Register
Everybody is WinRAR phishing, dropping RATs as fast as lightning
Come one, come all. Everyone from Russian and Chinese government goons to financially motivated miscreants is exploiting a long-since-patched WinRAR vuln to bring you infostealers and Remote Access Tr ...
-
BleepingComputer
New sandbox escape flaw exposes n8n instances to RCE attacks
Two vulnerabilities in the n8n workflow automation platform could allow attackers to fully compromise affected instances, access sensitive data, and execute arbitrary code on the underlying host. Iden ...
-
reddit.com
CVE-2025-40551: SolarWinds WebHelpDesk RCE Deep-Dive and Indicators of Compromise
Let us know your cookie preferences Reddit uses cookies and similar technologies to: Keep the website operational and running properly Prevent fraud and abuse Monitor site usage and performance metric ...
-
The Register
Fortinet unearths another critical bug as SSO accounts borked post-patch
Things aren't over yet for Fortinet customers – the security shop has disclosed yet another critical FortiCloud SSO vulnerability. Those hoping for a reprieve following last week's patch pantomime are ...
-
CybersecurityNews
TP-Link Archer Vulnerability Let Attackers Take Control Over the Router
A critical security advisory has been released for a command injection vulnerability affecting the Archer MR600 v5 router. The flaw, tracked as CVE-2025-14756, enables authenticated attackers to execu ...
-
CybersecurityNews
Gemini MCP Tool 0-day Vulnerability Allows Remote Attackers to Execute Arbitrary Code
A critical zero‑day vulnerability in Gemini MCP Tool exposes users to remote code execution (RCE) attacks without any authentication. Tracked as ZDI‑26‑021 / ZDI‑CAN‑27783 and assigned CVE‑2026‑0755, ...
-
security.nl
SolarWinds waarschuwt voor kritieke kwetsbaarheden in Web Help Desk
Softwarebedrijf SolarWinds waarschuwt voor verschillende kritieke kwetsbaarheden in Web Help Desk waardoor ongeauthenticeerde aanvallers systemen op afstand kunnen overnemen. Ook bevat de software har ...