CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
cert.pl
Vulnerability in GALAYOU G2 software
Vulnerability in GALAYOU G2 software CVE ID CVE-2025-9983 Publication date 22 September 2025 Vendor GALAYOU Product G2 Vulnerable versions 11.100001.01.28 Vulnerability type (CWE) Missing Authenticati ... Read more
-
The Cyber Express
Microsoft Entra ID Exposed: Actor Token Flaw Enables Stealthy Global Admin Takeove
A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed in September 2025, revealed that Microsoft Entra ID, former ... Read more
-
Daily CyberSecurity
Apple’s In-House Chips Pave the Way for On-Device AI Revolution
In recent years, Apple has vigorously advanced its strategy of self-developing chips, evolving from the A-series and M-series processors to the Apple 16e, released earlier this year, which debuted the ... Read more
-
CybersecurityNews
Hackers Bypassing Windows Mark of the Web Files Using LNK Stomping Attack
A sophisticated attack technique called LNK Stomping has emerged as a critical threat to Windows security, exploiting a fundamental flaw in how the operating system handles shortcut files to bypass se ... Read more
-
The Hacker News
Microsoft Patches Critical Entra ID Flaw Enabling Global Admin Impersonation Across Tenants
A critical token validation failure in Microsoft Entra ID (previously Azure Active Directory) could have allowed attackers to impersonate any user, including Global Administrators, across any tenant. ... Read more
-
TheCyberThrone
The Actor Token Nightmare: CVE-2025-55241
September 22, 2025In July 2025, deep within the cloud fabric that powers thousands of businesses worldwide, a flaw silently waited to be discovered. It lurked in the legacy backend of Microsoft’s Entr ... Read more
-
Daily CyberSecurity
PoC Released for CVE-2025-41243 – A Spring Cloud Gateway Flaw with CVSS 10.0
Privacy & Transparencysecurityonline.info and our partners ask for your consent to use your personal data, and to store and/or access information on your device. This includes using your personal data ... Read more
-
Daily CyberSecurity
CountLoader: A New Malware Loader Linked to Russian Ransomware Groups
Researchers at Silent Push have identified a newly emerging malware loader dubbed CountLoader, which they assess to be linked with multiple ransomware groups—primarily Russian-speaking cybercriminals. ... Read more
-
Daily CyberSecurity
CVE-2025-55241: Microsoft Entra ID Flaw with CVSS 10.0 Could Have Compromised Every Tenant Worldwide
Image: Dirk-jan Mollema In one of the most significant discoveries of 2025, security researcher Dirk-jan Mollema revealed a vulnerability in Microsoft Entra ID (formerly Azure AD) that could have enab ... Read more
-
Daily CyberSecurity
GOLD SALEM: A New Ransomware Group Is Exploiting SharePoint Flaws
Researchers from the Sophos Counter Threat Unit (CTU) have published new intelligence on a rising ransomware group known as GOLD SALEM, also referred to as the Warlock Group. Active since March 2025, ... Read more