CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
GitLab Patches Two High-Severity Flaws in GraphQL API Affecting Both CE and EE Editions
GitLab has released important updates addressing two high-severity vulnerabilities that impact both its Community Edition (CE) and Enterprise Edition (EE) products. The flaws — CVE-2025-11340 and CVE- ...
-
Daily CyberSecurity
CrowdStrike Releases Fixes for Two Falcon Sensor for Windows Vulnerabilities (CVE-2025-42701 & CVE-2025-42706)
CrowdStrike has released security updates to address two vulnerabilities in its Falcon Sensor for Windows, identified as CVE-2025-42701 and CVE-2025-42706. While both flaws require prior local code ex ...
-
Daily CyberSecurity
High-Severity Deno Flaw CVE-2025-61787 Allows Command Injection on Windows
The Deno project has issued a new security advisory warning of a command injection vulnerability on Windows systems, tracked as CVE-2025-61787 and rated CVSS 8.1 (High). The flaw affects Deno versions ...
-
CybersecurityNews
FreePBX SQL Injection Vulnerability Exploited to Modify The Database
A critical SQL injection vulnerability in FreePBX has emerged as a significant threat to VoIP infrastructure worldwide, enabling attackers to manipulate database contents and achieve arbitrary code ex ...
-
Daily CyberSecurity
Microsoft Warns: Threat Actors Turn Microsoft Teams into a Weapon for Ransomware, Espionage, and Social Engineering
Microsoft Threat Intelligence has released an extensive report detailing how both cybercriminals and state-sponsored actors are weaponizing Microsoft Teams, exploiting its collaboration features — mes ...
-
Daily CyberSecurity
Crimson Collective APT Uses Leaked IAM Keys to Hijack AWS Accounts for Data Theft
Security researchers at Rapid7 have identified a newly emerging cybercriminal group known as Crimson Collective, which has been actively attacking Amazon Web Services (AWS) environments to exfiltrate ...
-
Daily CyberSecurity
Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters
The Akka.NET team has issued a critical security advisory for a severe vulnerability in its Akka.Remote module that could allow untrusted systems to join or communicate with trusted clusters without p ...
-
Trend Micro
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Cyber Threats Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen i ...
-
BleepingComputer
Hackers exploit auth bypass in Service Finder WordPress theme
Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Administrator privileges in ...
-
0patch.com
Micropatches Released for Windows Storage Spoofing Vulnerability (CVE-2025-49760)
July 2025 Windows Updates brought a patch for CVE-2025-49760, a local privilege escalation vulnerability allowing a local unprivileged attacker to manipulate Windows Storage Service and extract local ...