CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
TP-Link Vulnerability Allows Authentication Bypass Via Password Recovery Feature
A critical authentication vulnerability affecting TP-Link’s VIGI surveillance camera lineup has been disclosed, enabling attackers on local networks to reset administrative credentials without authori ...
-
Help Net Security
Initial access broker pleads guilty to selling access to 50 corporate networks
A 40-year-old Jordanian man has admitted to selling unauthorized access to computer networks of at least 50 companies, the US Attorney’s Office of the District of New Jersey has announced. Feras Khali ...
-
The Register
Anthropic quietly fixed flaws in its Git MCP server that allowed for remote code execution
Anthropic has fixed three bugs in its official Git MCP server that researchers say can be chained with other MCP tools to remotely execute malicious code or overwrite files via prompt injection. The G ...
-
Daily CyberSecurity
NCSC Warns of Russian Hacktivists Targeting UK
The UK’s National Cyber Security Centre (NCSC) has issued a warning regarding the persistent threat posed by Russian-aligned hacktivist groups. In a recent alert, the NCSC highlighted a concerted effo ...
-
security.nl
Tienduizenden WordPress-sites kwetsbaar door kritiek lek in gebruikte plug-in
Tienduizenden WordPress-sites bevatten een kritieke kwetsbaarheid waardoor ze in theorie door aanvallers op afstand zijn over te nemen. Een beveiligingsupdate is al een maand beschikbaar, maar een gro ...
-
CybersecurityNews
Critical AVEVA Software Vulnerabilities Enables Remote Code Execution Under System Privileges
Seven vulnerabilities were disclosed in Process Optimization (formerly ROMeo) 2024.1 and earlier on January 13, 2026, including a critical flaw enabling unauthenticated SYSTEM-level remote code execut ...
-
CybersecurityNews
WhisperPair Attack Allows Hijacking of Laptops, Earbuds Without User Consent – Millions Affected
A critical vulnerability in Google’s Fast Pair protocol that allows attackers to hijack Bluetooth audio accessories and track users without their knowledge or consent. Security researchers from KU Le ...
-
CybersecurityNews
Apache bRPC Vulnerability Enables Remote Command Injection
A critical remote command-injection vulnerability has been discovered in Apache bRPC’s built-in heap profiler service, affecting all versions before 1.15.0 across all platforms. The vulnerability allo ...
-
Daily CyberSecurity
“Nomad Leopard” Spotted in the Wild: Cyber Espionage Campaign Targets Afghan Government
Image: the SEQRITE Labs APT Team A new cyber espionage campaign targeting the heart of Afghanistan’s administration has been uncovered, revealing a mix of official disguises and surprisingly clumsy op ...
-
Daily CyberSecurity
Critical Flaw in “Advanced Custom Fields: Extended” Exposes 100K WordPress Sites to Takeover
A critical security vulnerability has been discovered in Advanced Custom Fields: Extended, a popular WordPress plugin with over 100,000 active installations. The flaw, tracked as CVE-2025-14533, carri ...