CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Hacker News
EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware
The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that's targeting Web3 developers to infect them with information stea ...
-
BleepingComputer
Microsoft SharePoint zero-day exploited in RCE attacks, no patch available
A critical zero-day vulnerability in Microsoft SharePoint, tracked as CVE-2025-53770, has been actively exploited since at least July 18th, with no patch available and at least 85 servers already comp ...
-
BleepingComputer
HPE warns of hardcoded passwords in Aruba access points
Hewlett-Packard Enterprise (HPE) is warning of hardcoded credentials in Aruba Instant On Access Points that allow attackers to bypass normal device authentication and access the web interface. Aruba I ...
-
The Hacker News
Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Global Organizations
Jul 20, 2025Ravie LakshmananZero-Day / Vulnerability A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an "active, large-scale" exploitation campaign. T ...
-
Help Net Security
Week in review: Google fixes zero-day vulnerability in Chrome, critical SQL injection flaw in FortiWeb
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Update Google Chrome to fix actively exploited zero-day (CVE-2025-6558) For the fifth time this year, ...
-
The Hacker News
Hackers Exploit Critical CrushFTP Flaw to Gain Admin Access on Unpatched Servers
Jul 20, 2025Ravie LakshmananVulnerability / Threat Intelligence A newly disclosed critical security flaw in CrushFTP has come under active exploitation in the wild. Assigned the CVE identifier CVE-2 ...
-
seclists.org
Multiple vulnerabilities in the web management interface of Intelbras routers
Full Disclosure mailing list archives From: Gabriel Augusto Vaz de Lima via Fulldisclosure <fulldisclosure () seclists org> Date: Mon, 14 Jul 2025 10:42:55 -0300 =====[Tempest Security Intelligence]== ...
-
CybersecurityNews
Grafana Vulnerabilities Allow User Redirection to Malicious Sites and Code Execution in Dashboards
Two significant Grafana vulnerabilities that could allow attackers to redirect users to malicious websites and execute arbitrary JavaScript code. The vulnerabilities, identified as CVE-2025-6023 and C ...
-
CybersecurityNews
SharePoint 0-Day RCE Vulnerability Actively Exploited in the Wild to Gain Full Server Access
A sophisticated cyberattack campaign targeting Microsoft SharePoint servers has been discovered exploiting a newly weaponized vulnerability chain dubbed “ToolShell,” enabling attackers to gain complet ...
-
Daily CyberSecurity
SharePoint Server Under Active Zero-Day Attack (CVE-2025-53770, CVSS 9.8), No Patch Yet!
Microsoft has issued an urgent security advisory for on-premises SharePoint Server customers in response to active exploitation of a critical remote code execution (RCE) vulnerability. The issue—now t ...