CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Dark Reading
Max-Severity Commvault Bug Alarms Researchers
Source: T. Schneider via ShutterstockSecurity researchers have raised concerns about a maximum severity bug in certain versions of Commvault's Command Center that enables an unauthenticated remote att ...
-
The Register
Microsoft mystery folder fix might need a fix of its own
Turns out Microsoft's latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to ...
-
Cyber Security News
New Stego Campaign Leverages MS Office Vulnerability to Deliver AsyncRAT
Cybersecurity researchers have discovered a sophisticated malware campaign that employs steganography techniques to hide malicious code within seemingly innocent image files. This attack chain leverag ...
-
Cyber Security News
NVIDIA NeMo Framework Vulnerability Let Attackers Execute Remote Code
There are three high-severity vulnerabilities in the NVIDIA NeMo Framework that could allow attackers to execute remote code, potentially compromising AI systems and leading to data tampering. The sec ...
-
Cyber Security News
Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell
Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 20 ...
-
Cyber Security News
Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released
A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure” issue. The ...
-
Cyber Security News
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication. The ...
-
Cyber Security News
Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability
Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (C ...
-
The Cyber Express
DslogdRAT Malware Deployed in Ivanti Connect Secure Zero-Day Campaign
A new wave of attacks targeting Ivanti Connect Secure VPN devices has revealed a stealthy malware strain known as DslogdRAT, deployed alongside a simple but effective Perl web shell. Security research ...
-
Help Net Security
Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028)
If your organization is using Commvault Command Center for your data protection, backup creation, configuration and restoration needs, you should check whether your on-premise installation has been up ...