CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Register
China, Iran are having a field day with React2Shell, Google warns
At least five more Chinese spy crews, Iran-linked goons, and financially motivated criminals are now attacking the React2Shell, a maximum-severity flaw in the widely used React JavaScript library, acc ...
-
CybersecurityNews
New PCPcat Exploiting React2Shell Vulnerability to compromise 59,000+ Servers
A new malware campaign called PCPcat has successfully compromised more than 59,000 servers in under 48 hours through targeted exploitation of critical vulnerabilities in Next.js and React frameworks. ...
-
CybersecurityNews
JumpCloud Remote Assist for Windows Agent Flaw Let Attackers Escalate Privilege
The JumpCloud Remote Assist vulnerability (CVE-2025-34352) exposes Windows systems to local privilege escalation and denial-of-service attacks. Discovered by XM Cyber researcher Hillel Pinto, the flaw ...
-
hackread.com
GitHub Scanner for React2Shell (CVE-2025-55182) Turns Out to Be Malware
A GitHub repository posing as a vulnerability scanner for CVE-2025-55182, also referred to as “React2Shell,” was exposed as malicious after spreading malware. The project, named React2shell-scanner, w ...
-
TheCyberThrone
Apple fixes two Webkit Vulnerabilities
Apple has rolled out emergency patches across its ecosystem to fix two WebKit zero-day vulnerabilities, CVE-2025-43529 and CVE-2025-14174, that were already being exploited in highly targeted attacks ...
-
CybersecurityNews
NVIDIA Merlin Vulnerabilities Let Attackers Execute Malicious Code and Trigger DoS Condition
Security patches for the Merlin framework addressing two high-severity deserialization vulnerabilities. That could allow attackers to execute arbitrary code and launch denial-of-service attacks on aff ...
-
CybersecurityNews
Apache StreamPark Vulnerability Let Attackers Access Sensitive Data
A critical security vulnerability has been discovered in Apache StreamPark that could allow attackers to decrypt sensitive information and gain unauthorized system access. The vulnerability stems from ...
-
CybersecurityNews
Critical pgAdmin Vulnerability Let Attackers Execute Shell Commands on the Host
A severe security vulnerability has been uncovered in pgAdmin 4, the popular open-source PostgreSQL database management tool. Tracked as CVE-2025-13780, this critical flaw allows attackers to bypass s ...
-
The Hacker News
FreePBX Patches Critical SQLi, File-Upload, and AUTHTYPE Bypass Flaws Enabling RCE
Dec 15, 2025Ravie LakshmananVulnerability / Software Security Multiple security vulnerabilities have been disclosed in the open-source private branch exchange (PBX) platform FreePBX, including a cri ...
-
CybersecurityNews
Wireshark 4.6.2 Released With Fix for Vulnerabilities, and Updated Protocol Support
Wireshark 4.6.2, the latest version of the leading open-source network protocol analyzer, addresses critical crash vulnerabilities and plugin compatibility issues. This maintenance release prioritizes ...