CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

-
Daily CyberSecurity
Urgent Xerox FreeFlow Core Patch: Critical Flaws (CVSS 9.8) Allow RCE and SSRF
Xerox has released a security update for FreeFlow Core, addressing two high-impact vulnerabilities that could allow attackers to perform Server-Side Request Forgery (SSRF) or gain Remote Code Executio ... Read more

-
Daily CyberSecurity
CVE-2025-5095 (CVSS 9.8): Critical Flaw in ARC Solo Broadcasting Devices Allows Unauthenticated Takeover
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a security advisory warning about a critical authentication bypass vulnerability affecting ARC Solo devices — widely used monitor ... Read more

-
Daily CyberSecurity
Linux Kernel Flaw (CVE-2025-38236): Privilege Escalation Risk, PoC Code Available
Security researcher Jann Horn from Google Project Zero disclosed the technical details and proof-of-concept exploit code for a high-severity vulnerability in the Linux kernel — CVE-2025-38236 (CVSS 7. ... Read more

-
Daily CyberSecurity
WinRAR Update: Zero-Day Path Traversal Flaw (CVE-2025-8088) Actively Exploited to Deliver Malware
Security researchers at ESET have uncovered a zero-day path traversal vulnerability in the Windows version of WinRAR that has been actively exploited to execute arbitrary code on victims’ systems. Tra ... Read more

-
The Register
Trend Micro offers weak workaround for already-exploited critical vuln in management console
Infosec In Brief: A critical vulnerability in the on-prem version of Trend Micro's Apex One endpoint security platform is under active exploitation, the company admitted last week, and there's no patch ... Read more

-
CybersecurityNews
New ‘Win-DoS’ Zero-Click Vulnerabilities Turn Windows Server/Endpoint, Domain Controllers Into DDoS Botnet
LAS VEGAS — At the DEF CON 33 security conference, researchers Yair and Shahak Morag of SafeBreach Labs unveiled a new class of denial-of-service (DoS) attacks, dubbed the “Win-DoS Epidemic.” The duo ... Read more

-
The Hacker News
New Win-DDoS Flaws Let Attackers Turn Public Domain Controllers into DDoS Botnet via RPC, LDAP
Aug 10, 2025 | Ravie Lakshmanan | Vulnerability / Network Security: A novel attack technique could be weaponized to rope thousands of public domain controllers (DCs) around the world to create a malicious ... Read more

-
CrowdStrike.com
CrowdStrike Falcon Prevents Supply Chain Attack Involving Compromised NPM Packages
Recently, five popular NPM (Node Package Manager) packages were compromised and modified to deliver a malicious DLL, dubbed “Scavenger”. The malware pushed via these compromised NPM packages executes ... Read more

-
The Hacker News
Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation
Aug 10, 2025 | Ravie Lakshmanan | Vulnerability / Endpoint Security: Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Ca ... Read more