CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cybersecurity news, enriched with CVE and vulnerability data. It is updated every 5 minutes and is designed to give users a comprehensive overview of the latest cybersecurity news and trends.
-
Daily CyberSecurity
Public Yet Private? Critical Appsmith Flaw Exposes Unpublished Actions (CVSS 9.4)
A critical security flaw has been discovered in Appsmith, the popular open-source platform used by organizations worldwide to build internal tools like dashboards and admin panels. The vulnerability, ...
-
Daily CyberSecurity
Sabotage & Exploited in the Wild: Critical Backdoor Found in LA-Studio Element Kit
A critical security incident has rocked the WordPress community after a “backdoor” vulnerability was discovered in the LA-Studio Element Kit for Elementor, a plugin active on over 20,000 websites. The ...
-
Daily CyberSecurity
CVE-2026-23594: High-Severity Flaw in HPE Alletra & Nimble Grants Admin Access
Hewlett Packard Enterprise (HPE) has issued a security alert for storage administrators, warning of a high-severity vulnerability affecting its flagship enterprise storage arrays. The flaw, tracked as ...
-
Daily CyberSecurity
CVE-2026-22822: Critical Flaw in External Secrets Operator Breaks Namespace Isolation
A critical security vulnerability has been discovered in the External Secrets Operator, a widely used Kubernetes tool that bridges the gap between external secret management systems like AWS Secrets M ...
-
BleepingComputer
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools' SmarterMail email server and collaboration tool that allows resetting admin passwords. An authentication bypass vulnera ...
-
The Hacker News
New Osiris Ransomware Emerges as New Strain Using POORTRY Driver in BYOVD Attack
Cybersecurity researchers have disclosed details of a new ransomware family called Osiris that targeted a major food service franchisee operator in Southeast Asia in November 2025. The attack leverage ...
-
The Hacker News
Critical GNU InetUtils telnetd Flaw Lets Attackers Bypass Login and Gain Root Access
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd) that went unnoticed for nearly 11 years. The vulnerability, tracked as CVE-2026-24061, is rated 9.8 out of 10.0 ...
-
The Register
FortiGate firewalls hit by silent SSO intrusions and config theft
FortiGate firewalls are getting quietly reconfigured and stripped down by miscreants who've figured out how to sidestep SSO protections and grab sensitive settings right out of the box. That's accordi ...
-
Huntress
Huntress Catches SmarterMail Account Takeover Leading to RCE
Background / Summary: The Huntress DE&TH (Detection Engineering and Threat Hunting) Team has observed in-the-wild exploitation of a privileged account takeover vulnerability (CVE-2026-23760) in Smarter ...
-
The Hacker News
ThreatsDay Bulletin: Pixel Zero-Click, Redis RCE, China C2s, RAT Ads, Crypto Scams & 15+ Stories
Most of this week's threats didn't rely on new tricks. They relied on familiar systems behaving exactly as designed, just in the wrong hands. Ordinary files, routine services, and trusted workflows we ...