CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ... Read more
-
CybersecurityNews
CISA Warns of XWiki Platform Injection vulnerability Exploited to Execute Remote Code
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a severe injection vulnerability in the XWiki Platform, designated as CVE-2025-24893. This flaw allo ... Read more
-
The Hacker News
CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
Oct 31, 2025Ravie LakshmananVulnerability / Cyber Attack The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware To ... Read more
-
CrowdStrike.com
Falcon Defends Against Git Vulnerability CVE-2025-48384
CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384. In the observed activity, threat actors combined sophisticated social engineering tactics with malicious Git reposit ... Read more
-
CrowdStrike.com
How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
Nearly 40,000 vulnerabilities were disclosed in 2024.1 Security teams are overwhelmed, especially those relying on outdated tools. ExPRT.AI, the native intelligence engine embedded in CrowdStrike Falc ... Read more
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ... Read more
-
Daily CyberSecurity
Chinese APT BRONZE BUTLER Exploits LANSCOPE Zero-Day for SYSTEM Control
A sophisticated campaign executed by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) has been confirmed, utilizing a zero-day vulnerability in the Japanese-developed Motex ... Read more
-
Daily CyberSecurity
CISA Warns of Active Exploitation in XWiki and VMware Vulnerabilities
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two new flaws—CVE-2025-24893 in XWiki Platform and CVE-2025-41244 in Broadcom VMware Aria Operations and VMware Tools—to its ... Read more
-
Daily CyberSecurity
Brash Attack: Critical Chromium Flaw Allows DoS via Simple Code Injection
Google’s Chromium, developed by Google, forms the foundation of many modern browsers — yet researchers have uncovered a newly discovered flaw in Chromium’s Blink rendering engine that can enable a den ... Read more
-
CybersecurityNews
CISA Warns of VMware Tools and Aria Operations 0-Day Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-41244 to its Known Exploited Vulnerabilities catalog. This local privilege escalation flaw affects Broadcom’s VMware Aria ... Read more