CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
“Better Auth” Framework Alert: The Double-Slash Trick That Bypasses Security Controls
A high-severity vulnerability has been disclosed in Better Auth, a rapidly growing authentication framework for TypeScript, potentially allowing attackers to bypass critical access controls with a sim ...
-
Daily CyberSecurity
Ink Dragon’s Global Mesh: How Chinese Spies Turn Compromised Government Servers into C2 Relay Nodes
A sophisticated Chinese cyber-espionage group is rewriting the rules of persistence, turning compromised government servers into a living, breathing command network. A new report from Check Point Rese ...
-
Daily CyberSecurity
CVE-2025-46295 (CVSS 9.8): Critical Apache Commons Text Flaw Risks Total Server Takeover
A critical vulnerability has been fixed in Apache Commons Text, a ubiquitous Java library used for text manipulation, preventing what could have been a widespread remote code execution (RCE) crisis. T ...
-
Daily CyberSecurity
Node.js Alert: systeminformation Flaw Risks Windows RCE for 16M+ Monthly Users
A high-severity vulnerability has been uncovered in systeminformation, a massively popular Node.js library used by millions of developers to retrieve system metrics. Tracked as CVE-2025-68154, the fla ...
-
Daily CyberSecurity
Self-Hosting No Longer Free: GitHub Introduces New $0.002/Min Platform Fee for Actions
Microsoft-owned code hosting platform GitHub has announced a new pricing change for its Actions service. Previously, GitHub Actions offered a free control plane: as long as workflows ran on servers no ...
-
The Register
Attacks pummeling Cisco AsyncOS 0-day since late November
Suspected Chinese-government-linked threat actors have been battering a maximum-severity Cisco AsyncOS zero-day vulnerability in some Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) ...
-
Help Net Security
Cisco email security appliances rooted and backdoored via still unpatched zero-day
A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November 2025, Cisco Talos researcher ...
-
BleepingComputer
Cisco warns of unpatched AsyncOS zero-day exploited in attacks
Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) applia ...
-
CybersecurityNews
Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign
Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the ...
-
The Hacker News
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
Dec 17, 2025Ravie LakshmananVulnerability / Network Security SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been activ ...