CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CISA KEV Alert: WinRAR Zero-Day Used for Malware Injection and Windows UAF RCE Under Active Attack
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new mandate for federal agencies to patch their systems immediately, following evidence of active exploitation in the wild. The ...
-
Daily CyberSecurity
Critical Fortinet Flaw Risks Unauthenticated Admin Bypass via FortiCloud SSO SAML Forgery
Fortinet has issued an urgent security advisory following the discovery of a critical vulnerability affecting its flagship network security products. The flaw, which carries a critical CVSS score of 9 ...
-
Daily CyberSecurity
Microsoft Patches Three Zero-Days Including Active Cloud Files UAF to SYSTEM and Copilot RCE
Microsoft has closed out the year with a substantial security update, addressing 72 vulnerabilities across its ecosystem in the December 2025 Patch Tuesday release. The update fixes three critical fla ...
-
Daily CyberSecurity
Critical Ivanti EPM Flaw (CVE-2025-10573) Risks Admin Session Hijack and Unauthenticated RCE
Ivanti has rolled out an urgent security update for its Endpoint Manager (EPM) solution, patching a cluster of severe vulnerabilities that could allow attackers to execute arbitrary code or hijack adm ...
-
TheCyberThrone
Microsoft Patch Tuesday December 2025
Microsoft’s final Patch Tuesday of 2025, released on December 9, addresses approximately 56-57 vulnerabilities across Windows, Office, Exchange, and related components, including three zero-days and s ...
-
Daily CyberSecurity
High-Severity Rockwell Flaws Risk Industrial SQLi Data Tampering and Safety Device DoS Requiring Manual Fix
Rockwell Automation has released important security advisories addressing two significant vulnerabilities affecting its industrial cloud platform and safety communication hardware. The flaws, if left ...
-
Daily CyberSecurity
Critical n8n RCE Flaw (CVE-2025-65964) Allows Remote Code Execution via Git Node Configuration Manipulation
A critical security vulnerability has been discovered in n8n, the popular workflow automation tool that powers technical teams worldwide. The flaw, which carries a critical CVSS severity score of 9.4, ...
-
Daily CyberSecurity
FrostBeacon Hits Russian B2B: Cobalt Strike Deployed via LNK and Chained Legacy Exploits
A new and sophisticated malware campaign dubbed “Operation FrostBeacon” is systematically targeting business-to-business (B2B) enterprises across the Russian Federation. A report from Seqrite Labs rev ...
-
Daily CyberSecurity
Critical ZITADEL Flaws (CVE-2025-67494, CVSS 9.3) Risk SSRF Internal Breach and Account Hijack via XSS
The security team behind ZITADEL, the open-source identity management platform, has issued urgent advisories regarding three high-severity vulnerabilities discovered in its V2 Login UI. The flaws, whi ...
-
Trend Micro
CVE-2025-55182: React2Shell Analysis, Proof-of-Concept Chaos, and In-the-Wild Exploitation
Key takeaways: The exploit leverages JavaScript’s duck-typing and dynamic code execution through an attack that has four stages: it creates a self-reference loop, tricks JavaScript into calling attack ...