CVEFeed Newsroom – Latest Cybersecurity Updates

The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.

  • Daily CyberSecurity
CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform

A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and video management, with over 70,000 stars on GitHub. Tracked as CVE-2025-43856 and ... Read more

Published Date: Jul 15, 2025 (2 months ago)
  • Trend Micro
Preventing Zero-Click AI Threats: Insights from EchoLeak

Key Takeaways EchoLeak is a zero-click AI vulnerability that exploits Copilot’s use of historical contextual data to silently execute hidden prompts without user interaction. The attack method relies ... Read more

Published Date: Jul 15, 2025 (2 months ago)
  • DoublePulsar
CitrixBleed 2 situation update — everybody already got owned

Update time on CVE-2025-5777, after my prior two blogs. The tl;dr version is basically: The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • The Register
A software-defined radio can derail a US train by slamming the brakes on remotely

When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to the US government in 2012, he most likely didn't expect it would take until 2025 to sort ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • CybersecurityNews
Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online

Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. The flaw, tracked as CVE-2025-4781 ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • CybersecurityNews
Gigabyte UEFI Firmware Vulnerability Let Attackers Execute Arbitrary Code in the SMM Environment

Critical security vulnerabilities have been discovered in Gigabyte UEFI firmware that could allow attackers to execute arbitrary code in System Management Mode (SMM), one of the most privileged execut ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • BleepingComputer
Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot

Dozens of Gigabyte motherboard models run on UEFI firmware vulnerable to security issues that allow planting bootkit malware that is invisible to the operating system and can survive reinstalls. The v ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • Help Net Security
Exploits for unauthenticated FortiWeb RCE are public, so patch quickly! (CVE-2025-25257)

With two proof-of-concept (PoC) exploits made public late last week, CVE-2025-25257 – a critical SQL command injection vulnerability in Fortinet’s FortiWeb web application firewall – is expected to b ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • The Cyber Express
Cloned Phones, Stolen Identities: The eSIM Hack No One Saw Coming

Embedded SIMs (eSIMs), officially known as Kigen eUICC, are transforming connectivity by allowing users to switch operators without physically swapping cards. These chips store digital profiles and su ... Read more

Published Date: Jul 14, 2025 (2 months ago)
  • TheCyberThrone
CVE-2025-25257 Critical FortiWeb SQL Injection Leading to RCE

Vulnerability Summary. CVE ID: CVE-2025-25257. Product Affected: Fortinet FortiWeb – A Web Application Firewall (WAF). Vulnerability Type: Unauthenticated SQL Injection (CWE-8 ... Read more

Published Date: Jul 14, 2025 (2 months ago)
