CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical Dell Data Lakehouse Vulnerability (CVE-2025-46608) Allows Privilege Escalation
Dell has issued a security advisory warning customers of a critical severity vulnerability affecting Dell Data Lakehouse products prior to version 1.6.0.0. Tracked as CVE-2025-46608 and assigned a CVS ...
-
Daily CyberSecurity
Elastic Patches Two Kibana Flaws — SSRF (CVE-2025-37734) and XSS (CVE-2025-59840) Flaws Affect Multiple Versions
Elastic has issued two security advisories addressing two vulnerabilities in Kibana, the visualization and analytics dashboard component of the Elastic Stack, which could enable server-side request fo ...
-
Daily CyberSecurity
CVE-2025-11919: Wolfram Cloud Vulnerability Exposes Users to Privilege Escalation and Remote Code Execution
A newly disclosed vulnerability in Wolfram Cloud version 14.2 — tracked as CVE-2025-11919 — could allow attackers to achieve privilege escalation, information exfiltration, and remote code execution ( ...
-
Daily CyberSecurity
Open WebUI XSS Flaw (CVE-2025-64495) Risks Admin RCE via Malicious Prompts
The developers behind Open WebUI, an open-source and self-hosted AI interface framework, have issued a security advisory disclosing a high-severity vulnerability (CVE-2025-64495, CVSS 8.7) affecting v ...
-
Daily CyberSecurity
CERT/CC Warns of Code Execution Flaws in Lite XL Text Editor (CVE-2025-12120, CVE-2025-12121)
The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting two severe security flaws in Lite XL, a lightweight cross-platform text editor popular among developers for its Lua- ...
-
The Register
Attackers turned Citrix, Cisco 0-day exploits into custom-malware hellscape
An "advanced" attacker exploited CitrixBleed 2 and a max-severity Cisco Identity Services Engine (ISE) bug as zero-days to deploy custom malware, according to Amazon Chief Information Security Officer ...
-
Kaspersky
CVE-2024-12649: vulnerability in the Canon TTF interpreter
These days, attackers probing an organization’s infrastructure rarely come across the luxury of a workstation without an EDR agent, so malicious actors are focusing on compromising servers, or various ...
-
CybersecurityNews
Citrix NetScaler ADC and Gateway Vulnerability Enables Cross-Site Scripting Attacks
Cloud Software Group has disclosed a cross-site scripting (XSS) vulnerability affecting NetScaler ADC and NetScaler Gateway products. Tracked as CVE-2025-12101, the flaw allows attackers to inject mal ...
-
CybersecurityNews
Beware of Malicious Steam Cleanup Tool Attack Windows Machines to Deploy Backdoor Malware
A sophisticated backdoor malware campaign has emerged targeting Windows users through a weaponized version of SteamCleaner, a legitimate open-source utility designed to clean junk files from the Steam ...
-
CybersecurityNews
Multiple Apache OpenOffice Vulnerabilities Leads to Memory Corruption and Unauthorized Content Loading
Apache OpenOffice has released version 4.1.16, addressing seven critical security vulnerabilities that enable unauthorized remote document loading and memory corruption attacks. These flaws represent ...