CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
The Hacker News
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. ... Read more
-
TheCyberThrone
The Actor Token Nightmare: CVE-2025-55241
September 22, 2025In July 2025, deep within the cloud fabric that powers thousands of businesses worldwide, a flaw silently waited to be discovered. It lurked in the legacy backend of Microsoft’s Entr ... Read more
-
Daily CyberSecurity
PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0
Privacy & Transparencysecurityonline.info and our partners ask for your consent to use your personal data, and to store and/or access information on your device. This includes using your personal data ... Read more
-
Daily CyberSecurity
CountLoader: A New Malware Loader Linked to Russian Ransomware Groups
Researchers at Silent Push have identified a newly emerging malware loader dubbed CountLoader, which they assess to be linked with multiple ransomware groups—primarily Russian-speaking cybercriminals. ... Read more
-
Daily CyberSecurity
CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide
Image: Dirk-jan Mollema In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in Microsoft Entra ID (formerly Azure AD) that could have enab ... Read more
-
Daily CyberSecurity
GOLD SALEM: A New Ransomware Group Is Exploiting SharePoint Flaws
Researchers from the Sophos Counter Threat Unit (CTU) have published new intelligence on a rising ransomware group known as GOLD SALEM, also referred to as the Warlock Group. Active since March 2025, ... Read more
-
Daily CyberSecurity
CVE-2025-9961: TP-Link Router Flaw Could Be Exploited for RCE, PoC Released
Image: ByteRay Security researchers at ByteRay have published a detailed exploitation write-up of CVE-2025-9961, a vulnerability in TP-Link’s CWMP (CPE WAN Management Protocol) service that can be wea ... Read more
-
Daily CyberSecurity
Microsoft to Build the “World’s Most Powerful AI Data Center” in Wisconsin
Aerial view of Microsoft’s new AI datacenter campus in Mt Pleasant, Wisconsin. Microsoft has officially announced an additional $4 billion investment in Wisconsin to construct its second hyperscale AI ... Read more
-
CrowdStrike.com
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month's patches address two publicly disclosed zero-day vulnerabilities and eight Critical vulnerabilitie ... Read more
-
BleepingComputer
Microsoft Entra ID flaw allowed hijacking any company's tenant
A critical combination of legacy components could have allowed complete access to the Microsoft Entra ID tenant of every company in the world. The fatal mix included undocumented tokens called “actor ... Read more