CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Spyware Vendor Intellexa Used 15 Zero-Days Since 2021, Deploying Predator via “smack” iOS Exploit Chain
The mercenary spyware industry remains a persistent and adaptable threat, with the notorious vendor Intellexa continuing to expand its arsenal despite facing significant geopolitical headwinds. A new ...
-
The Register
Apache warns of 10.0-rated flaw in Tika metadata ingestion tool
Infosec in Brief The Apache Foundation last week warned of a 10.0-rated flaw in its Tika toolkit. Tika detects and extracts metadata from over 1,000 different file formats. Last August, Apache reporte ...
-
Daily CyberSecurity
urllib3 Flaws Risk Client DoS via Unbounded Decompression and Streaming Resource Exhaustion
The maintainers of urllib3, the ubiquitous HTTP client for Python, have issued a security advisory detailing two high-severity vulnerabilities that could allow malicious servers to crash client applic ...
-
objective-see.org
A Remote Pre-Authentication Overflow in LLDB's debugserver
When Good /bins Go Bad A Remote Pre-Authentication Overflow in LLDB's debugserver by: Nathaniel Oh / December 7, 2025 The Objective-See Foundation is supported by: Note:In this guest blog post, Nathan ...
-
nextron-systems.com
React Server Components & Next.js Vulnerabilities – Status of Nextron Products
Over the past days, many of our customers have seen reports about a critical remote code execution vulnerability in React Server Components (CVE-2025-55182) and the related Next.js vulnerability (CVE- ...
-
CybersecurityNews
Cybersecurity News Weekly Newsletter – 29.7 Tbps DDoS Attack, Chrome 143, React2Shell Vulnerabilities, and Cloudflare Outage
This week’s cybersecurity landscape featured a record-breaking 29.7 Tbps DDoS attack on a financial institution, leveraging IoT botnets and UDP floods that overwhelmed European networks until mitigate ...
-
Help Net Security
Week in review: React, Node.js flaw patched, ransomware intrusion exposes espionage foothold
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Creative cybersecurity strategies for resource-constrained institutions In this Help Net Security inte ...
-
TheCyberThrone
React2Shell: The Silent Server Takeover – Exploit Chains and Threat Actor Onslaught
In late 2025, React Server Components (RSC) electrified the web dev world, powering Next.js apps with seamless server-client fusion across Vercel, Netlify, and AWS Lambda. Millions of sites lit up wit ...
-
CybersecurityNews
Hackers Launch Widespread Attacks on Palo Alto GlobalProtect Portals from 7,000+ IPs
In an escalating campaign targeting remote access infrastructure, threat actors have initiated active exploitation attempts against Palo Alto Networks’ GlobalProtect VPN portals. GrayNoise tracking ac ...
-
BleepingComputer
React2Shell flaw exploited to breach 30 orgs, 77k IP addresses vulnerable
Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromise ...