CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Exploited Zero-Day: Gladinet/Triofox Flaw CVE-2025-11371 Allows RCE via LFI
Huntress has sounded the alarm over active exploitation of a newly discovered Local File Inclusion (LFI) vulnerability in Gladinet CentreStack and Triofox software, tracked as CVE-2025-11371 (CVSS 6.1 ... Read more
-
Daily CyberSecurity
NVIDIA GPU Driver Patches Multiple High-Severity Flaws Risking RCE and Privilege Escalation
NVIDIA has released an important software security update for its GPU Display Driver, addressing multiple vulnerabilities that could lead to code execution, privilege escalation, data tampering, or de ... Read more
-
Daily CyberSecurity
RondoDox Botnet Unleashed: New Malware Uses ‘Exploit Shotgun’ to Target 50+ Router and IoT Flaws
Trend Micro has uncovered a rapidly expanding botnet campaign dubbed RondoDox, which is targeting a wide spectrum of internet-exposed devices — from routers and DVRs to CCTV systems and industrial net ... Read more
-
Daily CyberSecurity
DFIR Tool Hijacked: Ransomware Group Storm-2603 Abuses Velociraptor for Stealthy LockBit/Babuk Attacks
Cisco Talos has confirmed that ransomware operators are now abusing Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in live ransomware campaigns. “Ransomware operator ... Read more
-
TheCyberThrone
CISA Adds Grafana CVE-2021-43798 to KEV
October 10, 2025The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has included Grafana CVE-2021-43798 in its Known Exploited Vulnerabilities (KEV) catalog in October 2025, signalling to ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
Daily CyberSecurity
MediaTek Issues October 2025 Security Bulletin Addressing Multiple High-Severity Vulnerabilities Across Wi-Fi and GNSS Chipsets
MediaTek has released its October 2025 Product Security Bulletin, disclosing a set of high- and medium-severity vulnerabilities affecting a wide range of its Wi-Fi (WLAN) and GNSS (Global Navigation S ... Read more
-
Daily CyberSecurity
ClickFix Phishing: New Automated Kits Trick Users Into Manually Running Malware and Stealers
Researchers from Palo Alto Networks Unit 42 have discovered a new phishing trend where attackers trick victims into manually executing malware on their own devices. The report exposes a commoditized p ... Read more
-
Daily CyberSecurity
TP-Link Router Flaw CVE-2023-28760 Allows Root RCE via LAN, PoC Available
Security researcher Rocco Calvi detailed a critical flaw in the TP-Link AX1800 WiFi 6 Router (Archer AX21/AX20) that allows attackers on the local network to achieve remote code execution (RCE) as the ... Read more
-
The Register
RondoDox botnet fires 'exploit shotgun' at nearly every router and internet-connected home device
A new RondoDox botnet campaign uses an "exploit shotgun" - fire at everything, see what hits - to target 56 vulnerabilities across at least 30 different vendors' routers, DVRs, CCTV systems, web serve ... Read more