CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
CERT/CC Warns of Critical Flaws in Workhorse Municipal Accounting Software
The CERT Coordination Center (CERT/CC) has issued a vulnerability note warning of serious security flaws in Workhorse Software Services’ municipal accounting platform. Versions prior to 1.9.4.48019 co ...
-
Daily CyberSecurity
Google Chrome Issues High-Severity Fix for V8 Engine Vulnerability (CVE-2025-9132)
Google has released a Stable Channel Update for its Chrome browser, addressing a critical security issue in the widely used V8 JavaScript engine. The update, rolling out to Windows, macOS, and Linux u ...
-
Daily CyberSecurity
A ChatGPT App Is Hiding a Backdoor: Microsoft Exposes the PipeMagic Malware
Microsoft Threat Intelligence has uncovered PipeMagic, a sophisticated modular backdoor used by the financially motivated threat actor Storm-2460. The malware masquerades as a legitimate open-source C ...
-
Daily CyberSecurity
Researcher Details CVE-2025-29824 – A Windows CLFS 0-Day Exploited by Ransomware Gang
In April, Microsoft has patched a high-severity, zero-day vulnerability (CVE-2025-29824) in the Windows Common Log File System that was exploited by the RansomEXX gang. The use-after-free flaw allowed ...
-
Trend Micro
Warlock: From SharePoint Vulnerability Exploit to Enterprise Ransomware
Key takeaways Warlock ransomware operators exploited vulnerable Microsoft SharePoint servers, using targeted HTTP POST requests to upload web shells, enabling reconnaissance and credential theft. More ...
-
The Register
Like burglars closing a door, Apache ActiveMQ attackers patch critical vuln after breaking in
Criminals exploiting a critical vulnerability in open source Apache ActiveMQ middleware are fixing the flaw that allowed them access, after establishing persistence on Linux servers. Researchers at se ...
-
The Hacker News
Apache ActiveMQ Flaw Exploited to Deploy DripDropper Malware on Cloud Linux Systems
Aug 19, 2025Ravie LakshmananLinux / Malware Threat actors are exploiting a nearly two-year-old security flaw in Apache ActiveMQ to gain persistent access to cloud Linux systems and deploy malware ca ...
-
CybersecurityNews
New Exploit for SAP 0-Day Vulnerability Allegedly Released in the Wild by ShinyHunters Hackers
Key Takeaways1. ShinyHunters publicly released exploits for critical SAP vulnerabilities.2. Unauthenticated attackers can achieve complete system takeover and remote code execution.3. Immediately appl ...
-
TheCyberThrone
CVE-2025-38989 affects Apache Tomcat
August 19, 2025CVE-2025-48989 is a Denial-of-Service (DoS) vulnerability in Apache Tomcat, specifically affecting its HTTP/2 implementation. It is classified as an “Improper Resource Shutdown or Relea ...
-
Red Canary
Patching for persistence: How DripDropper Linux malware moves through the cloud
It may seem counterintuitive for an adversary to “fix” a compromised system after gaining remote access but in many scenarios the motivation can be twofold. It’s a great way to potentially lock out ot ...