CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
IGEL OS 10 Flaw (CVE-2025-47827): Full Secure Boot Bypass Allows Untrusted Kernel & Rootkits, PoC Available
Researcher Zack Didcott has disclosed a critical vulnerability affecting IGEL OS 10. Tracked as CVE-2025-47827, the flaw enables a full Secure Boot bypass, allowing attackers to load arbitrary, unsign ... Read more
-
Daily CyberSecurity
TPM 2.0 Flaw (CVE-2025-2884) Exposes Sensitive Data & Disrupts Trusted Computing!
A vulnerability in the Trusted Platform Module (TPM) 2.0 reference implementation has been disclosed, potentially allowing attackers to access sensitive memory contents or disrupt trusted computing op ... Read more
-
Hackread - Latest Cybersecurity, Hacking News, Tech, AI & Crypto
CISA Warns of Remote Control Flaws in SinoTrack GPS Trackers
Owners of SinoTrack GPS devices should be aware of significant security weaknesses that could allow unauthorized individuals to track vehicles or even cut off their fuel remotely. These vulnerabilitie ... Read more
-
Dark Reading
ConnectWise to Rotate Code-Signing Certificates
Source: Stu Gray via Alamy Stock PhotoConnectWise this Friday will rotate all code-signing certificates for ScreenConnect, ConnectWise Automate, and ConnectWise RMM. While the software company recentl ... Read more
-
The Register
Salesforce tags 5 CVEs after SaaS security probe uncovers misconfig risks
Salesforce has assigned five CVE identifiers following a security report that uncovered more than 20 configuration weaknesses, some of which exposed customers to unauthorized access and session hijack ... Read more
-
BleepingComputer
Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot
A new attack dubbed 'EchoLeak' is the first known zero-click AI vulnerability that enables attackers to exfiltrate sensitive data from Microsoft 365 Copilot from a user's context without interaction. ... Read more
-
The Hacker News
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access ... Read more
-
BleepingComputer
Hackers exploited Windows WebDav zero-day to drop malware
An APT hacking group known as 'Stealth Falcon' exploited a Windows WebDav RCE vulnerability in zero-day attacks since March 2025 against defense and government organizations in Turkey, Qatar, Egypt, a ... Read more
-
Cyber Security News
Windows Task Scheduler Vulnerability Let Attackers Escalate Privileges
A significant security vulnerability in Windows Task Scheduler could allow attackers to escalate their privileges to SYSTEM level access without requiring initial administrative rights. Designated as ... Read more
-
BleepingComputer
Microsoft creates separate Windows 11 24H2 update for incompatible PCs
Microsoft confirmed on Tuesday that it's pushing a revised security update targeting some Windows 11 24H2 systems incompatible with the initial update released during this month's Patch Tuesday. "This ... Read more