CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Cyber Express
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
CybersecurityNews
Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users. The vulnerability tracked as CVE-2025-11462 allows attacker ... Read more
-
The Hacker News
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Oct 08, 2025Ravie LakshmananVulnerability / Software Security Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protoco ... Read more
-
CybersecurityNews
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation. Redrays has relea ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
security.nl
WordPress-sites aangevallen via kritiek lek in Service Finder Bookings plug-in
WordPress-sites worden actief aangevallen via een kritieke kwetsbaarheid in de Service Finder Bookings plug-in. Via het beveiligingslek (CVE-2025-5947) kan een ongeauthenticeerde aanvaller admin-toega ... Read more
-
CybersecurityNews
CISA Warns of Zimbra Collaboration Suite (ZCS) XSS Zero-Day Vulnerability Actively Exploited in Attacks
CISA has issued a critical warning regarding a zero-day cross-site scripting (XSS) vulnerability in Synacor’s Zimbra Collaboration Suite (ZCS), designated as CVE-2025-27915. This vulnerability has bee ... Read more
-
security.nl
CrowdStrike: Kritiek lek in Oracle EBS sinds augustus misbruikt bij aanvallen
Een kritieke kwetsbaarheid in Oracle E-Business Suite (EBS), waarvoor op 4 oktober een noodpatch verscheen, is sinds 9 augustus misbruikt bij aanvallen op organisaties, zo stelt securitybedrijf CrowdS ... Read more
-
CybersecurityNews
Multiple Chrome Vulnerabilities Expose Users to Arbitrary Code Execution Attacks
Google has released Chrome version 141.0.7390.65/.66 for Windows and Mac, along with 141.0.7390.65 for Linux, addressing multiple critical security vulnerabilities that could allow attackers to execut ... Read more