CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CrowdStrike.com
July 2025 Patch Tuesday: One Publicly Disclosed Zero-Day and 14 Critical Vulnerabilities Among 137 CVEs
Microsoft has addressed 137 vulnerabilities in its July 2025 security update release, more than double the number of vulnerabilities in June. This month's patches include fixes for one publicly disclo ... Read more
-
CybersecurityNews
20-Year-Old Vulnerability Allows Hackers to Control Train Brakes
CISA has issued a critical advisory warning about a severe vulnerability in railway communication systems that could allow attackers to control train brakes remotely. The vulnerability, assigned CVE-2 ... Read more
-
Daily CyberSecurity
CVE-2025-53833 (CVSS 10): Critical SSTI Flaw in LaRecipe Threatens Millions of Laravel Apps
A newly discovered Server-Side Template Injection (SSTI) vulnerability in the widely-used LaRecipe documentation tool has been assigned CVE-2025-53833 and scored a perfect 10.0 CVSS, indicating critic ... Read more
-
Daily CyberSecurity
ImageMagick Flaw (CVE-2025-53101): Stack Buffer Overflow Allows Potential Remote Code Execution
A flaw has been discovered in ImageMagick, the widely used open-source image manipulation suite, that could lead to stack buffer overflows under specific conditions involving image filename templates. ... Read more
-
Daily CyberSecurity
HazyBeacon: Novel Backdoor Uses AWS Lambda for Stealthy C2, Targets Govts
Researchers from Unit 42 at Palo Alto Networks have uncovered a novel backdoor—HazyBeacon—used by a threat cluster identified as CL-STA-1020. The campaign, which began in late 2024, has targeted gover ... Read more
-
Daily CyberSecurity
CVE-2025-43856: OAuth2 Account Hijacking Flaw Found in Immich, a Popular Self-Hosted Photo Platform
A critical vulnerability has been disclosed in Immich, a rapidly growing open-source project for self-hosted photo and video management, with over 70,000 stars on GitHub. Tracked as CVE-2025-43856 and ... Read more
-
Trend Micro
Preventing Zero-Click AI Threats: Insights from EchoLeak
Key Takeaways EchoLeak is a zero-click AI vulnerability that exploits Copilot’s use of historical contextual data to silently execute hidden prompts without user interaction. The attack method relies ... Read more
-
DoublePulsar
CitrixBleed 2 situation update — everybody already got owned
5 min read11 hours ago--Update time on CVE-2025–5777, after my prior two blogs.The tl;dr version is basically:The ‘good news’, I suspect, is that most orgs will be too lacking in logs to have evidence ... Read more
-
The Register
A software-defined radio can derail a US train by slamming the brakes on remotely
When independent security researcher Neil Smith reported a vulnerability in a comms standard used by trains to the US government in 2012, he most likely didn't expect it would take until 2025 to sort ... Read more
-
CybersecurityNews
Wing FTP Server Vulnerability Actively Exploited – 2000+ Servers Exposed Online
Security researchers have confirmed active exploitation of a critical vulnerability in Wing FTP Server, just one day after technical details were publicly disclosed. The flaw, tracked as CVE-2025-4781 ... Read more