CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Trend Micro
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Cyber Threats Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen i ...
-
BleepingComputer
Hackers exploit auth bypass in Service Finder WordPress theme
Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Administrator privileges in ...
-
0patch.com
Micropatches Released for Windows Storage Spoofing Vulnerability (CVE-2025-49760)
July 2025 Windows Updates brought a patch for CVE-2025-49760, a local privilege escalation vulnerability allowing a local unprivileged attacker to manipulate Windows Storage Service and extract local ...
-
Zero Day Initiative
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by Aut ...
-
CybersecurityNews
Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code
Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and fixing vulnerabilities. This initiative addresses the gro ...
-
The Cyber Express
Google Launches Dedicated AI Bug Bounty Program with Rewards Up to $30,000
Google has unveiled a new AI Vulnerability Reward Program (VRP), offering payouts of up to $30,000 for researchers who successfully identify and report security flaws in its AI products, including its ...
-
CybersecurityNews
Critical AWS ClientVPN for macOS Vulnerability Let Attackers Escalate Privileges
A critical flaw in the AWS Client VPN for macOS has been disclosed, presenting a local privilege escalation risk to non-administrator users. The vulnerability tracked as CVE-2025-11462 allows attacker ...
-
The Hacker News
Severe Figma MCP Vulnerability Lets Hackers Execute Code Remotely — Patch Now
Oct 08, 2025Ravie LakshmananVulnerability / Software Security Cybersecurity researchers have disclosed details of a now-patched vulnerability in the popular figma-developer-mcp Model Context Protoco ...
-
CybersecurityNews
PoC Exploit Released for Critical Lua Engine Vulnerabilities
Three newly disclosed vulnerabilities have been identified in the Lua scripting engine of Redis 7.4.5, each presenting severe risks of remote code execution and privilege escalation. Redrays has relea ...
-
security.nl
WordPress-sites aangevallen via kritiek lek in Service Finder Bookings plug-in
WordPress-sites worden actief aangevallen via een kritieke kwetsbaarheid in de Service Finder Bookings plug-in. Via het beveiligingslek (CVE-2025-5947) kan een ongeauthenticeerde aanvaller admin-toega ...