CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
Trend Micro
AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks
Artificial Intelligence (AI) Trend™ Research’s analysis of Wondershare RepairIt reveals how the AI-driven app exposed sensitive user data due to unsecure cloud storage practices and hardcoded credenti ... Read more
-
CrowdStrike.com
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month's patches address two publicly disclosed zero-day vulnerabilities and eight Critical vulnerabilitie ... Read more
-
Kaspersky
VMScape attack | Kaspersky official blog
A team of researchers at the Swiss Federal Institute of Technology in Zurich (ETH Zurich) has published a research paper demonstrating how a Spectre v2 attack can be used for a sandbox escape in a vir ... Read more
-
CrowdStrike.com
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month's patches address two publicly disclosed zero-day vulnerabilities and eight Critical vulnerabilitie ... Read more
-
InfoSec Write-ups
JWT Warfare: Obfuscation, Cracking, and Red Team Exploits | Cyber Codex
What is JWT?JWT (JSON Web Token) is a compact, URL-safe method of representing claims between two parties. It is used mostly in stateless authentication. JWTs are often passed via cookies, headers, or ... Read more
-
CybersecurityNews
Chrome Type Confusion 0-Day Vulnerability Code Analysis Released
Google Chrome’s V8 JavaScript engine has been compromised by a critical type confusion zero-day vulnerability, designated CVE-2025-10585, marking the sixth actively exploited Chrome zero-day discovere ... Read more
-
CrowdStrike.com
September 2025 Patch Tuesday: Two Publicly Disclosed Zero-Days and Eight Critical Vulnerabilities Among 84 CVEs
Microsoft has addressed 84 vulnerabilities in its September 2025 security update release. This month's patches address two publicly disclosed zero-day vulnerabilities and eight Critical vulnerabilitie ... Read more
-
Help Net Security
Unpatched Fortra GoAnywhere instances at risk of full takeover (CVE-2025-10035)
If you’re running Fortra’s GoAnywhere managed file transfer solution and you haven’t updated to the latest available version for a while, do so now or risk getting your instance compromised via CVE-20 ... Read more
-
cert.pl
Vulnerability in GALAYOU G2 software
Vulnerability in GALAYOU G2 software CVE ID CVE-2025-9983 Publication date 22 September 2025 Vendor GALAYOU Product G2 Vulnerable versions 11.100001.01.28 Vulnerability type (CWE) Missing Authenticati ... Read more
-
The Cyber Express
Microsoft Entra ID Exposed: Actor Token Flaw Enables Stealthy Global Admin Takeove
A newly disclosed vulnerability tracked as CVE-2025-55241 has been reported. The flaw, discovered by an independent researcher and disclosed in September 2025, revealed that Microsoft Entra ID, former ... Read more