CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
WatchGuard Under Siege: Critical CVSS 9.3 Zero-Day Exploited in the Wild to Hijack Corporate Firewalls
A critical zero-day vulnerability has shattered the security perimeter of WatchGuard Firebox appliances, forcing network administrators into a race against time. Tracked as CVE-2025-14733, the flaw ca ...
-
Daily CyberSecurity
Kubernetes Alert: Headlamp Flaw (CVE-2025-14269) Lets Unauthenticated Users Hijack Helm Clusters
A high-severity vulnerability has been discovered in Headlamp, a popular extensible web UI for Kubernetes, potentially allowing unauthenticated attackers to hijack cluster operations. Tracked as CVE-2 ...
-
Daily CyberSecurity
FreeBSD Network Alert: Malicious IPv6 Packets Can Trigger Remote Code Execution via resolvconf (CVE-2025-14558)
A high-severity vulnerability has been uncovered in the FreeBSD networking stack, allowing attackers to execute arbitrary code on vulnerable systems simply by sending a malicious IPv6 router advertise ...
-
Daily CyberSecurity
Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy
The maintainers of Roundcube Webmail, one of the world’s most widely used open-source email solutions, have issued security updates for their 1.6 and 1.5 LTS branches. The patches address two high-sev ...
-
Daily CyberSecurity
Early-Boot Attack: UEFI Flaw in ASRock, ASUS, & MSI Boards Lets Hackers Bypass OS Security via PCIe
A fundamental breakdown in how modern computers secure themselves during the boot process has been exposed, leaving systems vulnerable to physical attacks that can bypass operating system defenses ent ...
-
Daily CyberSecurity
Mario’s Deadly Upgrade: RansomHouse Unveils Dual-Key Encryption to Defeat Backups and Recovery
Ransom Note | Image: Unit 42 Jolly Scorpius, the cybercriminal group behind the notorious RansomHouse operation, has rolled out a major overhaul of its encryption engine, ditching its previously simpl ...
-
BleepingComputer
Clop ransomware targets Gladinet CentreStack in data theft attacks
The Clop ransomware gang (also known as Cl0p) is targeting Internet-exposed Gladinet CentreStack file servers in a new data theft extortion campaign. Gladinet CentreStack enables businesses to securel ...
-
BleepingComputer
New password spraying attacks target Cisco, PAN VPN gateways
An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN. On December 11, threat monitoring platfor ...
-
TheCyberThrone
Cisco Hits Perfect 10 with Secure Email Gateway Bug
Cisco’s CVE-2025-20393 is a CVSS 10.0 zero-day in Cisco AsyncOS that gives unauthenticated attackers full root control over Cisco Secure Email Gateway and Secure Email and Web Manager when the Spam Qu ...
-
The Hacker News
HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution
Dec 18, 2025Ravie LakshmananVulnerability / Enterprise Security Hewlett Packard Enterprise (HPE) has resolved a maximum-severity security flaw in OneView Software that, if successfully exploited, co ...