CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
OneLogin AD Connector Flaw Exposes Credentials & Allows Account Impersonation
Image: SpecterOps A recent investigation by SpecterOps has uncovered a chain of critical vulnerabilities in OneLogin’s Active Directory (AD) Connector service that enabled attackers to impersonate use ...
-
Daily CyberSecurity
PoCGen: AI Tool Automates Exploit Generation for npm Vulnerabilities with LLMs
A tool named PoCGen is revolutionizing how the security community generates Proof-of-Concept (PoC) exploits for vulnerabilities in the npm ecosystem. Developed by researchers Deniz Simsek, Aryaz Eghba ...
-
Daily CyberSecurity
Zyxel Firewalls Under Attack via Critical CVE-2023-28771
A sudden and coordinated wave of exploit attempts targeting a critical vulnerability in Zyxel firewalls has been detected. The attack centers around CVE-2023-28771, a high-severity remote code executi ...
-
Trend Micro
Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet
Summary: Trend™ Research has identified an active campaign exploiting CVE-2025-3248 to deliver the Flodrix botnet. Attackers use the vulnerability to execute downloader scripts on compromised Langflow ...
-
Daily CyberSecurity
Langflow Under Attacks: CVE-2025-3248 Exploited to Deliver Stealthy Flodrix Botnet
Trend Micro has uncovered an active and sophisticated campaign exploiting a critical remote code execution (RCE) vulnerability in Langflow, a popular open-source framework for building AI applications ...
-
AttackIQ
Response to CISA Advisory (AA25-163A): Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
On June 12, 2025, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a Cyber Security Advisory (CSA) which highlights ransomware actors exploiting vulnerabilities in the SimpleHel ...
-
databreaches.net
Copilot AI Bug Could Leak Sensitive Data via Email Prompts
Rashmi Ramesh reports: A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability ...
-
BleepingComputer
ASUS Armoury Crate bug lets attackers get Windows admin privileges
A high-severity vulnerability in ASUS Armoury Crate software could allow threat actors to escalate their privileges to SYSTEM level on Windows machines. The security issue is tracked as CVE-2025-3464 ...
-
0patch.com
Micropatches Released for WEBDAV Remote Code Execution Vulnerability (CVE-2025-33053)
June 2025 Windows updates brought a fix for CVE-2025-33053, a remote code execution vulnerability that was found to be exploited in the wild. The vulnerability allows a malicious URL file pointing to ...
-
TheCyberThrone
CVE-2025-26685 impacts Microsoft Defender with Identity Spoofing
A new security vulnerability, designated as CVE-2025-26685, has been identified in Microsoft Defender for Identity, an Active Directory security solution used to detect identity-based threats. This vu ...