CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Pro-Russian Hacktivist Group TwoNet Exposed for Fabricating Critical Infrastructure Attacks to Boost Reputation
Forescout Research has uncovered a disturbing new tactic among pro-Russian hacktivists — fabricating real-world critical infrastructure attacks to inflate their reputation. In a recent case, a newly f ... Read more
-
Daily CyberSecurity
Critical Cherry Studio Flaw CVE-2025-61929 (CVSS 9.7) Allows One-Click RCE via Custom URL Protocol
A critical security flaw has been discovered in Cherry Studio, a cross-platform desktop client that supports multiple large language model (LLM) providers. Tracked as CVE-2025-61929 and rated CVSS 9.7 ... Read more
-
Daily CyberSecurity
Critical Auth Bypass (CVE-2025-61928) in Better Auth Allows Hackers to Steal User API Keys
A critical authentication bypass vulnerability has been discovered in Better Auth, a popular framework-agnostic authentication and authorization library for TypeScript, used by developers to add secur ... Read more
-
Daily CyberSecurity
Axis Communications Leaks Azure Credentials in Autodesk Plugin Via Hardcoded SAS Tokens
Trend Micro’s Threat Research team has uncovered a serious cloud credential exposure involving Axis Communications, a leading provider of network surveillance and security devices. The issue originate ... Read more
-
Daily CyberSecurity
Massive RDP Botnet Unleashed: 100,000+ IPs in Coordinated Global Scanning Campaign Targeting US
GreyNoise Intelligence has issued an alert about a massive coordinated botnet operation targeting Remote Desktop Protocol (RDP) services across the United States. Since October 8, 2025, researchers ha ... Read more
-
Daily CyberSecurity
Akira Ransomware Revives SonicWall Flaw CVE-2024-40766, Uses ‘UnPAC the Hash’ to Breach Networks
Image: Fortinet Between July and August 2025, global security teams have observed a resurgence in Akira ransomware incidents targeting organizations through SonicWall SSL VPN appliances, marking a ren ... Read more
-
Daily CyberSecurity
Apple Ups Bounty to $5 Million for Zero-Click Spyware Exploits Bypassing Lockdown Mode
Apple has announced a major overhaul of its Security Bounty vulnerability reward program, set to take effect this November, with a substantial increase in payout ceilings—making it one of the most luc ... Read more
-
Daily CyberSecurity
CVE-2025-61927 (CVSS 9.4): Critical RCE Flaw Discovered in Happy DOM, Over 2.7 Million Weekly Downloads Impacted
A critical-severity vulnerability has been disclosed in Happy DOM, a popular JavaScript package used to emulate web browsers for testing, scraping, and server-side rendering (SSR). Tracked as CVE-2025 ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
The Hacker News
New Oracle E-Business Suite Bug Could Let Hackers Access Data Without Login
Oct 12, 2025Ravie LakshmananVulnerability / Threat Intelligence Oracle on Saturday issued a security alert warning of a fresh security flaw impacting its E-Business Suite that it said could allow un ... Read more