CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Crimson Collective APT Uses Leaked IAM Keys to Hijack AWS Accounts for Data Theft
Security researchers at Rapid7 have identified a newly emerging cybercriminal group known as Crimson Collective, which has been actively attacking Amazon Web Services (AWS) environments to exfiltrate ... Read more
-
Daily CyberSecurity
Critical Akka.NET Flaw CVE-2025-61778 (CVSS 9.3) Allows Untrusted Nodes to Join Secure Clusters
The Akka.NET team has issued a critical security advisory for a severe vulnerability in its Akka.Remote module that could allow untrusted systems to join or communicate with trusted clusters without p ... Read more
-
Trend Micro
RondoDox: From Targeting Pwn2Own Vulnerabilities to Shotgunning Exploits
Cyber Threats Trend™ Research and ZDI Threat Hunters have identified a large-scale RondoDox botnet campaign exploiting over 50 vulnerabilities across more than 30 vendors, including flaws first seen i ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
BleepingComputer
Hackers exploit auth bypass in Service Finder WordPress theme
Threat actors are actively exploiting a critical vulnerability in the Service Finder WordPress theme that allows them to bypass authentication and log in as administrators. Administrator privileges in ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
0patch.com
Micropatches Released for Windows Storage Spoofing Vulnerability (CVE-2025-49760)
July 2025 Windows Updates brought a patch for CVE-2025-49760, a local privilege escalation vulnerability allowing a local unprivileged attacker to manipulate Windows Storage Service and extract local ... Read more
-
Zero Day Initiative
Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
In April of 2025, my colleague Mat Powell was hunting for vulnerabilities in Autodesk Revit 2025. While fuzzing RFA files, he found the following crash (CVE-2025-5037 / ZDI-CAN-26922, addressed by Aut ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
CybersecurityNews
Google’s New AI Agent, CodeMender, Automatically Rewrites Vulnerable Code
Google has introduced CodeMender, a new artificial intelligence-powered agent that automatically enhances software security by identifying and fixing vulnerabilities. This initiative addresses the gro ... Read more