CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Breaking the App Shell: Five New Electron Vulnerabilities Shatter Context Isolation
The Electron framework—the powerhouse behind heavyweights like Visual Studio Code and countless other cross-platform desktop applications —has released a series of important patches to address five si ...
-
CybersecurityNews
Flowise AI Agent Builder Injection Vulnerability Exploited in Attacks, 15,000+ Instances Exposed
Threat actors are actively exploiting a maximum-severity remote code execution (RCE) vulnerability in Flowise, an open-source platform used for building AI agents and customized large language model w ...
-
cert.pl
Vulnerability in Bludit software
Vulnerability in Bludit software CVE ID CVE-2026-4420 Publication date 07 April 2026 Vendor Bludit Product Bludit Vulnerable versions 3.17.2, 3.18.0 Vulnerability type (CWE) Improper Neutralization of ...
-
Daily CyberSecurity
UAT-10608 Uses a Next.js “React2Shell” Flaw to Map Your Entire Cloud
NEXUS Listener victims list | Image: Cisco Talos Cisco Talos has revealed a major automated credential harvesting campaign, tracked as UAT-10608, that has already compromised at least 766 hosts across ...
-
CybersecurityNews
Microsoft Warns Storm-1175 Exploits Web-Facing Assets 0-Day Flaws in Medusa Ransomware Attacks
A new ransomware campaign is putting organizations on high alert. A financially motivated threat group known as Storm-1175 has been running fast-paced attacks targeting vulnerable, internet-facing sys ...
-
CybersecurityNews
50,000 WordPress Sites Exposed to Critical Ninja Forms File Upload RCE Vulnerability
A critical security flaw in the popular WordPress plugin “Ninja Forms – File Upload” has left approximately 50,000 websites vulnerable to complete takeover. Tracked as CVE-2026-0740, this flaw boasts ...
-
security.nl
Cisco meldt grootschalige diefstal van inloggegevens via React2Shell-lek
Aanvallers hebben honderden servers via het React2Shell-lek gehackt om zo allerlei inloggegevens te stelen, dat meldt Cisco in een analyse. Via de kwetsbaarheid kan een ongeauthenticeerde aanvaller op ...
-
The Hacker News
China-Linked Storm-1175 Exploits Zero-Days to Rapidly Deploy Medusa Ransomware
A China-based threat actor known for deploying Medusa ransomware has been linked to the weaponization of a combination of zero-day and N-day vulnerabilities to orchestrate "high-velocity" attacks and ...
-
The Cyber Express
FortiClientEMS Vulnerabilities Under Active Exploitation, Expose Systems to RCE
A newly disclosed set of vulnerabilities affecting Fortinet’s endpoint management platform has raised serious concerns among cybersecurity professionals, particularly as both flaws are already being a ...
-
The Hacker News
Flowise AI Agent Builder Under Active CVSS 10.0 RCE Exploitation; 12,000+ Instances Exposed
Threat actors are exploiting a maximum-severity security flaw in Flowise, an open-source artificial intelligence (AI) platform, according to new findings from VulnCheck. The vulnerability in question ...