CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Stealth Stealer: New .NET Loader Hides LokiBot Payload in BMP/PNG Images Using Advanced Steganography
The Splunk Threat Research Team (STRT) has uncovered a new variant of a .NET steganographic malware loader that hides malicious payloads inside image files and ultimately deploys LokiBot, one of the m ...
-
cloudsecurityalliance.org
Microsoft Entra ID Vulnerability: The Discovery That Shook Identity Security
Written by Shravan Konthalapally and Shubham Takankhar. In July 2025, the cybersecurity world was rocked by security researcher Dirk-jan Mollema’s unveiling of a catastrophic vulnerability within Mic ...
-
The Register
Self-replicating botnet attacks Ray clusters
Malefactors are actively attacking internet-facing Ray clusters and abusing the open source AI framework to spread a self-replicating botnet that mines for cryptocurrency, steals data, and launches di ...
-
BleepingComputer
New ShadowRay attacks convert Ray clusters into crypto miners
A global campaign dubbed ShadowRay 2.0 hijacks exposed Ray Clusters by exploiting an old code execution flaw to turn them into a self-propagating cryptomining botnet. Developed by Anyscale, the Ray op ...
-
The Cyber Express
W3 Total Cache Vulnerability Puts Over One Million WordPress Sites at Risk
A severe security flaw has been discovered in the popular W3 Total Cache WordPress plugin, potentially exposing more than one million websites to remote code execution (RCE). The vulnerability, offici ...
-
The Cyber Express
Fortinet Silent Patch Raises Concern Among Security Researchers
Fortinet may have silently patched an exploited zero-day vulnerability more than two weeks before officially disclosing the vulnerability. CVE-2025-64446 in Fortinet’s FortiWeb web application firewal ...
-
BleepingComputer
Fortinet warns of new FortiWeb zero-day exploited in attacks
Today, Fortinet released security updates to patch a new FortiWeb zero-day vulnerability that threat actors are actively exploiting in attacks. Tracked as CVE-2025-58034, this web application firewall ...
-
The Register
Google Chrome bug exploited as an 0-day - patch now or risk full system compromise
Google pushed an emergency patch on Monday for a high-severity Chrome bug that attackers have already found and exploited in the wild. The vulnerability, tracked as CVE-2025-13223, is a type confusion ...
-
The Hacker News
Meta Expands WhatsApp Security Research with New Proxy Tool and $4M in Bounties This Year
Nov 18, 2025Ravie LakshmananBug Bounty / Data Privacy Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve ...
-
cert.pl
Vulnerability in Times Software E-Payroll software
Vulnerability in Times Software E-Payroll software CVE ID CVE-2025-9977 Publication date 18 November 2025 Vendor Times Software Product E-Payroll Vulnerable versions All through 20250121.0 (and potent ...