CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Daily CyberSecurity
Critical WSUS Flaw (CVE-2025-59287, CVSS 9.8) Allows Unauthenticated RCE via Unsafe Cookie Deserialization, PoC Available
Security researcher Batuhan Er from HawkTrace has detailed a critical remote code execution (RCE) vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287. The flaw, ... Read more
-
Daily CyberSecurity
Critical NeuVector RCE Flaw (CVE-2025-54469, CVSS 10.0) Allows Command Injection via Unsanitized Environment Variables
The SUSE Rancher Security team has issued a critical advisory addressing a command injection and buffer overflow vulnerability in NeuVector, the company’s full lifecycle container security platform. T ... Read more
-
Daily CyberSecurity
Major Threat: Vidar Stealer v2.0 Bypasses Chrome AppBound Encryption with Multithreaded Memory Injection
Researchers at Trend Micro have released an in-depth analysis of Vidar Stealer v2.0, a major overhaul of the well-known Vidar information-stealing malware that has resurfaced with powerful new capabil ... Read more
-
Daily CyberSecurity
CISA Warns: Critical Raisecom Router Flaw (CVE-2025-11534, CVSS 9.8) Allows Unauthenticated Root SSH Access
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert regarding a critical authentication bypass vulnerability affecting Raisecom RAX701-GC routers used in industrial and tel ... Read more
-
Ars Technica
Cache poisoning vulnerabilities found in 2 DNS resolving apps
GONNA POISON LIKE IT’S 2008 At least one CVE could weaken defenses put in place following 2008 disclosure. The makers of BIND, the Internet’s most widely used software for resolving domain names, are ... Read more
-
CrowdStrike.com
October 2025 Patch Tuesday: Two Publicly Disclosed, Three Zero-Days, and Eight Critical Vulnerabilities Among 172 CVEs
Microsoft has addressed 172 vulnerabilities in its October 2025 security update release, marking the highest number of vulnerabilities patched in a single month this year. This month's patches address ... Read more
-
CrowdStrike.com
Falcon Defends Against Git Vulnerability CVE-2025-48384
CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384. In the observed activity, threat actors combined sophisticated social engineering tactics with malicious Git reposit ... Read more
-
CrowdStrike.com
How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
Nearly 40,000 vulnerabilities were disclosed in 2024.1 Security teams are overwhelmed, especially those relying on outdated tools. ExPRT.AI, the native intelligence engine embedded in CrowdStrike Falc ... Read more
-
BleepingComputer
Hackers exploiting critical "SessionReaper" flaw in Adobe Magento
Hackers are actively exploiting the critical SessionReaper vulnerability (CVE-2025-54236) in Adobe Commerce (formerly Magento) platforms, with hundreds of attempts recorded. The activity was spotted b ... Read more
-
The Register
Salt Typhoon hit governments on three continents with SharePoint attacks
Security researchers now say more Chinese crews - likely including Salt Typhoon - than previously believed exploited a critical Microsoft SharePoint vulnerability, and used the flaw to target governme ... Read more