CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
FortiWeb SQL Injection (CVE-2025-25257) Added to CISA KEV After Active Exploitation, PoC Available!
A critical SQL injection vulnerability in Fortinet FortiWeb, tracked as CVE-2025-25257, has been added to the CISA Known Exploited Vulnerabilities (KEV) Catalog following confirmation of active exploi ...
-
Daily CyberSecurity
CVE-2025-54309: CrushFTP Targeted in Active Exploits Due to Unpatched Zero-Day Vulnerability
CrushFTP, a widely used secure file transfer server, has issued an urgent advisory regarding a critical zero-day vulnerability, tracked as CVE-2025-54309 (CVSS 9.0), that has been actively exploited i ...
-
Daily CyberSecurity
CVE-2025-4660 (CVSS 8.7) in Forescout SecureConnector Allows Remote Endpoint Hijack, PoC Publishes
NetSPI has uncovered a critical vulnerability in Forescout SecureConnector, a security agent meant to enforce endpoint compliance. This same tool—designed for system hardening—could be abused by attac ...
-
Daily CyberSecurity
Nvidia Flaws Expose Jetson AI & Robotics Platforms to RCE and Data Theft
Nvidia has released a security update for its Jetson Linux and IGX platforms, addressing two vulnerabilities that could expose systems to code execution, data tampering, denial of service, and informa ...
-
BleepingComputer
CrushFTP zero-day exploited in attacks to gain admin access on servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnera ...
-
BleepingComputer
New CrushFTP zero-day exploited in attacks to hijack servers
CrushFTP is warning that threat actors are actively exploiting a zero-day vulnerability tracked as CVE-2025-54309, which allows attackers to gain administrative access via the web interface on vulnera ...
-
The Hacker News
Ivanti Zero-Days Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks
Jul 18, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks expl ...
-
BleepingComputer
Hackers scanning for TeleMessage Signal clone flaw exposing passwords
Researchers are seeing exploitation attempts for the CVE-2025-48927 vulnerability in the TeleMessage SGNL app, which allows retrieving usernames, passwords, and other sensitive data. TeleMessage SGNL ...
-
CybersecurityNews
Fancy Bear Hackers Attacking Governments, Military Entities With New Sophisticated Tools
The notorious Russian cyberespionage group Fancy Bear, also known as APT28, has intensified its operations against governments and military entities worldwide using an arsenal of sophisticated new too ...
-
security.nl
Signal-kloon TeleMessage SGNL gebruikte kwetsbare Spring Boot Actuator
Bepaalde versies van TeleMessage SGNL, een versleutelde berichtenapp die specifiek is ontworpen voor overheidsorganisaties en grote bedrijven, zijn kwetsbaar voor cyberaanvallen. Een oude versie van S ...