CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
Researchers Uncover 13-Year-Old Redis Flaw Impacting Nearly 330,000 Instances
Researchers have uncovered a 13-year-old critical remote-code-execution flaw in Redis that let attackers escape the product’s Lua sandbox and execute native code on the host, creating a straight line ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
CybersecurityNews
Cisco ASA/FTD 0-Day Vulnerability Exploited for Authentication Bypass – PoC Released
Cisco has released advisories for a zero-day exploit chain affecting its Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) software, which is reportedly being ... Read more
-
Help Net Security
Leaked Oracle EBS exploit scripts expected to drive new wave of attacks (CVE-2025-61882)
Resecurity and watchTowr researchers have analyzed the leaked scripts used by attackers to exploit CVE-2025-61882 on internet-facing Oracle ESB instances. Whether the attackers were Cl0p or LAPSUS$, b ... Read more
-
The Cyber Express
Attackers Deployed Medusa Ransomware via GoAnywhere MFT Zero-Day
Cybercriminals exploited a critical deserialization flaw in Fortra’s GoAnywhere Managed File Transfer (MFT) tool—tracked as CVE-2025-10035—to drop Medusa ransomware, Microsoft disclosed Monday. The ca ... Read more
-
CybersecurityNews
GoAnywhere 0-Day RCE Vulnerability Exploited in the Wild to Deploy Medusa Ransomware
A critical deserialization flaw in GoAnywhere MFT’s License Servlet, tracked as CVE-2025-10035, has already been weaponized by the Storm-1175 group to execute the Medusa ransomware. The vulnerability ... Read more
-
security.nl
Redis dicht kritieke kwetsbaarheid die aanvaller code op server laat uitvoeren
De makers van Redis, een cachingoplossing die als databaseserver kan worden gebruikt of kan helpen om de prestaties van databases te verbeteren, hebben een kritieke kwetsbaarheid gepatcht waardoor aan ... Read more
-
CybersecurityNews
Kibana Crowdstrike Connector Vulnerability Exposes Protected Credentials
Elastic has released a security advisory detailing a medium-severity vulnerability in the Kibana CrowdStrike Connector that could allow for the exposure of sensitive credentials. The flaw, tracked as ... Read more
-
Kaspersky
The CVE-2025-59489 vulnerability in Unity, and how to fix it in games | Kaspersky official blog
In early October, Unity announced that game developers have a lot of work to do. The popular game engine, used for PC, console and mobile games, has a software vulnerability in it that requires all pu ... Read more
-
security.nl
FBI roept Oracle EBS-klanten op om noodpatch meteen te installeren
De FBI heeft organisaties die van Oracle E-Business Suite (EBS) gebruikmaken opgeroepen om een zaterdag uitgebrachte noodpatch meteen te installeren. "Dit is een "stop-wat-je-aan-het-doen-bent en patc ... Read more