CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CrowdStrike.com
Falcon Defends Against Git Vulnerability CVE-2025-48384
CrowdStrike has identified active exploitation of Git vulnerability CVE-2025-48384. In the observed activity, threat actors combined sophisticated social engineering tactics with malicious Git reposit ... Read more
-
CrowdStrike.com
How Falcon Exposure Management’s ExPRT.AI Predicts What Attackers Will Exploit
Nearly 40,000 vulnerabilities were disclosed in 2024.1 Security teams are overwhelmed, especially those relying on outdated tools. ExPRT.AI, the native intelligence engine embedded in CrowdStrike Falc ... Read more
-
TheCyberThrone
Envoy Air Data Breach
October 21, 2025IntroductionOctober 2025 marked a significant moment in cyber risk management as Envoy Air, a major regional carrier for American Airlines, disclosed a data breach following a sophisti ... Read more
-
CybersecurityNews
CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issu ... Read more
-
CybersecurityNews
Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affec ... Read more
-
CybersecurityNews
Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue a ... Read more
-
The Hacker News
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Oct 21, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in ... Read more
-
CybersecurityNews
CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks
CISA has issued an urgent alert about a critical server-side request forgery (SSRF) vulnerability in Oracle E-Business Suite, now actively exploited by threat actors. Tracked as CVE-2025-61884, the fl ... Read more
-
Help Net Security
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency ... Read more
-
hackread.com
Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p
Texas-based regional airline Envoy Air, the largest carrier operating under American Airlines, confirmed on October 17, 2025, that it fell victim to a recent wave of attacks targeting a zero-day vulne ... Read more