CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
TheCyberThrone
Envoy Air Data Breach
October 21, 2025IntroductionOctober 2025 marked a significant moment in cyber risk management as Envoy Air, a major regional carrier for American Airlines, disclosed a data breach following a sophisti ... Read more
-
CybersecurityNews
CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issu ... Read more
-
CybersecurityNews
Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affec ... Read more
-
CybersecurityNews
Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue a ... Read more
-
The Hacker News
PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Oct 21, 2025Ravie LakshmananMalware / Vulnerability Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in ... Read more
-
CybersecurityNews
CISA Warns Of Oracle E-Business Suite SSRF Vulnerability Actively Exploited In Attacks
CISA has issued an urgent alert about a critical server-side request forgery (SSRF) vulnerability in Oracle E-Business Suite, now actively exploited by threat actors. Tracked as CVE-2025-61884, the fl ... Read more
-
Help Net Security
CISA warns of Windows SMB flaw under active exploitation (CVE-2025-33073)
CVE-2025-33073, a Windows SMB Client vulnerability that Microsoft fixed in June 2025, is being exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency ... Read more
-
hackread.com
Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p
Texas-based regional airline Envoy Air, the largest carrier operating under American Airlines, confirmed on October 17, 2025, that it fell victim to a recent wave of attacks targeting a zero-day vulne ... Read more
-
CybersecurityNews
LANSCOPE Endpoint Manager Vulnerability Let Attackers Execute Remote Code
Motex has disclosed a severe remote code execution vulnerability in its LANSCOPE Endpoint Manager On-Premise Edition. Assigned CVE-2025-61932, the flaw carries a CVSS 3.0 score of 9.8, classifying it ... Read more
-
cert.pl
Vulnerability in SIMPLE.ERP software
Vulnerability in SIMPLE.ERP software CVE ID CVE-2025-9339 Publication date 21 October 2025 Vendor Simple SA Product SIMPLE.ERP Vulnerable versions All before [email protected] Vulnerability type (CWE) Improp ... Read more