CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent security updates for Elastic Cloud Enterprise (ECE) to patch a critical vulnerability (CVE-2025-37729) that could allow attackers with administrative access to exfiltrate s ...
-
Daily CyberSecurity
RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs
A research team from ETH Zurich has disclosed a critical vulnerability — CVE-2025-0033, dubbed RMPocalypse — that undermines AMD’s confidential computing technology across its Zen 3, Zen 4, and Zen 5 ...
-
Daily CyberSecurity
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as command-and-control (C2) endpoints to exfiltrate sensitive data from de ...
-
Daily CyberSecurity
iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026
The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be officially announced, but numerous reports have already surfaced detailing its production logistics and co ...
-
Ars Technica
Hackers can steal 2FA codes and private messages from Android phones
STEALING CODES ONE PIXEL AT A TIME Malicious app required to make "Pixnapping" attack work requires no permissions. Samsung's S25 phones. Credit: Samsung Android devices are vulnerable to a new attack ...
-
The Cyber Express
Oracle Patches New E-Business Suite Flaw as CL0P Claims Harvard as Victim
Oracle rushed out a patch over the weekend for a new E-Business Suite vulnerability that can be exploited remotely without authentication. The vulnerability – CVE-2025-61884 – carries a 7.5 high-sever ...
-
CybersecurityNews
PoC Exploit Unveiled for Lenovo Code Execution Vulnerability Enabling Privilege Escalation
A critical vulnerability in Lenovo’s Dispatcher drivers has come under the spotlight after researchers released a proof-of-concept exploit that demonstrates privilege escalation on affected Windows sy ...
-
BleepingComputer
Oracle releases emergency patch for new E-Business Suite flaw
Oracle has issued an emergency security update over the weekend to patch another E-Business Suite (EBS) vulnerability that can be exploited remotely by unauthenticated attackers. Tracked as CVE-2025-6 ...
-
The Register
Android 'Pixnapping' attack can capture app data like 2FA codes
Security researchers have resurrected a 12-year-old data-stealing attack on web browsers to pilfer sensitive info from Android devices. The attack, dubbed Pixnapping, has yet to be mitigated. Conceptu ...
-
The Hacker News
⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More
Oct 13, 2025Ravie LakshmananCybersecurity / Hacking News Every week, the cyber world reminds us that silence doesn't mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked cre ...