CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical pgAdmin Flaws (CVE-2025-12762, CVSS 9.1) Allow Remote Code Execution via PostgreSQL Dump Files
The pgAdmin development team has issued patches addressing four newly disclosed security vulnerabilities impacting pgAdmin versions up to 9.9, including a critical Remote Code Execution (RCE) flaw tha ...
-
Daily CyberSecurity
High-Severity Memos Flaw (CVE-2024-21635) Allows Hackers to Stay Logged In After Password Change
The team behind Memos, the privacy-first, self-hosted knowledge base platform, has issued a security advisory for CVE-2024-21635, a session-management flaw that could allow attackers to maintain acces ...
-
Daily CyberSecurity
Critical IBM AIX RCE (CVE-2025-36250, CVSS 10.0) Flaw Exposes NIM Private Keys and Risks Directory Traversal
IBM has released a new security bulletin addressing multiple high-severity vulnerabilities affecting AIX 7.2, AIX 7.3, and VIOS 3.1/4.1, including flaws that could allow remote attackers to execute ar ...
-
Daily CyberSecurity
Record Supply Chain Attack: 150,000+ Malicious npm Packages Flooded Registry for Token Farming Rewards
In one of the largest open-source supply chain incidents ever recorded, Amazon Inspector security researchers have uncovered over 150,000 malicious npm packages linked to a coordinated tea.xyz token f ...
-
Daily CyberSecurity
CISA Warns: Critical Lynx+ Gateway Flaw (CVSS 10.0) Allows Unauthenticated Remote Reset; Vendor Non-Responsive
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a new advisory detailing multiple high-severity vulnerabilities affecting the Lynx+ Gateway manufactured by General Industri ...
-
Daily CyberSecurity
Phishing-as-a-Service Uncovered: Automated Kit Impersonates Aruba S.p.A. to Steal Credentials and Credit Cards
A new report from Group-IB exposes a highly automated phishing framework engineered to impersonate Italian IT and web-services giant Aruba S.p.A., a company serving more than 5.4 million customers and ...
-
krebsonsecurity.com
Microsoft Patch Tuesday, November 2025 Edition
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being explo ...
-
Help Net Security
Week in review: Windows kernel flaw patched, suspected Fortinet FortiWeb zero-day exploited
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adopting a counterintelligence mindset in luxury logistics In this Help Net Security interview, Andrea ...
-
The Hacker News
RondoDox Exploits Unpatched XWiki Servers to Pull More Devices Into Its Botnet
Nov 15, 2025Ravie LakshmananMalware / Vulnerability The botnet malware known as RondoDox has been observed targeting unpatched XWiki instances against a critical security flaw that could allow attac ...
-
CybersecurityNews
Cisco Catalyst Center Vulnerability Let Attackers Escalate Priveleges
A serious security flaw in Cisco Catalyst Center Virtual Appliance has been discovered that allows attackers with low-level access to gain full administrator control over affected systems. The vulnera ...