CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign
Researchers at Kaspersky uncovered a sophisticated espionage campaign exploiting a zero-day vulnerability in Google Chrome and delivering commercial spyware linked to the Italian company Memento Labs ... Read more
-
Daily CyberSecurity
High-Severity OpenVPN Flaw (CVE-2025-10680) Allows Script Injection on Linux/macOS via Malicious DNS Server
Security researchers have disclosed a high-severity vulnerability, tracked as CVE-2025-10680 (CVSS 8.8), affecting OpenVPN 2.7_alpha1 through 2.7_beta1 releases. The flaw exposes Unix-like systems to ... Read more
-
CybersecurityNews
Apache Tomcat Security Vulnerabilities Expose Servers to Remote Code Execution Attacks
The Apache Software Foundation has highlighted critical flaws in Apache Tomcat, a widely used open-source Java servlet container that powers numerous web applications. On October 27, 2025, Apache disc ... Read more
-
Daily CyberSecurity
SideWinder APT Shifts to PDF/ClickOnce Chain to Target South Asian Diplomacy with StealerBot
Trellix Advanced Research Center (ARC) has exposed a sophisticated espionage campaign conducted by the SideWinder APT group, targeting multiple South Asian diplomatic entities — including embassies an ... Read more
-
CrowdStrike.com
October 2025 Patch Tuesday: Two Publicly Disclosed, Three Zero-Days, and Eight Critical Vulnerabilities Among 172 CVEs
Microsoft has addressed 172 vulnerabilities in its October 2025 security update release, marking the highest number of vulnerabilities patched in a single month this year. This month's patches address ... Read more
-
CrowdStrike.com
Falcon Defends Against Git Vulnerability CVE-2025-48384
CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384. In the observed activity, threat actors combined sophisticated social engineering tactics with malicious Git reposit ... Read more
-
CrowdStrike.com
How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
Nearly 40,000 vulnerabilities were disclosed in 2024.1 Security teams are overwhelmed, especially those relying on outdated tools. ExPRT.AI, the native intelligence engine embedded in CrowdStrike Falc ... Read more
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ... Read more
-
Daily CyberSecurity
Apache Tomcat Patches URL Rewrite Bypass (CVE-2025-55752) Risking RCE and Console ANSI Injection
The Apache Software Foundation has released multiple security patches for Apache Tomcat, addressing three newly disclosed vulnerabilities — CVE-2025-55752, CVE-2025-55754, and CVE-2025-61795 — affecti ... Read more
-
The Register
WSUS attacks hit 'multiple' orgs as Google and other infosec sleuths ring Redmond’s alarm bell
More threat intel teams are sounding the alarm about a critical Windows Server Update Services (WSUS) remote code execution vulnerability, tracked as CVE-2025-59287 and now under active exploitation, ... Read more