CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CVE-2025-26399 (CVSS 9.8): SolarWinds Web Help Desk Hit by Critical RCE Vulnerability
SolarWinds has released a hotfix for its Web Help Desk (WHD) software after the discovery of a critical remote code execution (RCE) vulnerability tracked as CVE-2025-26399. The flaw, rated CVSS 9.8, s ... Read more
-
CybersecurityNews
Libraesva ESG Vulnerability Let Attackers Inject Malicious Commands
A critical security flaw in Libraesva ESG email security gateways has been identified and patched, allowing threat actors to execute arbitrary commands through specially crafted email attachments. The ... Read more
-
Help Net Security
Review: Practical Purple Teaming
Practical Purple Teaming is a guide to building stronger collaboration between offensive and defensive security teams. The book focuses on how to design and run effective purple team exercises that im ... Read more
-
CrowdStrike.com
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month's patches address two publicly disclosed zero-day vulnerabilities and eight Critical vulnerabilitie ... Read more
-
Daily CyberSecurity
CVE-2025-9125: Cross-Site Scripting Flaw in Lectora Courses Puts E-Learning Platforms at Risk
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of a cross-site scripting (XSS) flaw affecting Lectora, a widely used e-learning authoring platform developed by ELB Lear ... Read more
-
Daily CyberSecurity
CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild
Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security Gateway (ESG). The flaw, which affects versions starting from 4.5 ... Read more
-
Daily CyberSecurity
BlockBlasters: When a Steam Game Turns Into a Malware Delivery Vehicle
What began as a promising indie platformer has turned into one of the most alarming cases of malware-laced games on Steam in 2025. According to G DATA Security Lab, the 2D shooter BlockBlasters releas ... Read more
-
Daily CyberSecurity
Kawa4096: A New Ransomware Group with Akira-Style Branding and Qilin-Like Notes
In June 2025, a new ransomware group known as Kawa4096 surfaced, launching disruptive attacks against multinational organizations in finance, education, and services. Victims have been reported in bot ... Read more
-
Daily CyberSecurity
Beyond Trust: A New Campaign Is Using a Legitimate Tool to Deliver RATs
Attack chain showing multiple steps to maintain persistence and execution of AsyncRAT variants | Image: Hunt A new report from Hunt Intelligence reveals how attackers are abusing ConnectWise ScreenCon ... Read more
-
Trend Micro
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
Artificial Intelligence (AI) Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credenti ... Read more