CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
seclists.org
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
Full Disclosure mailing list archives [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files From: SBA Research Security Advisory via Fulldisclosure <ful ... Read more
-
Daily CyberSecurity
Apple Hit with Second Lawsuit Alleging AI Training Used Pirated Books from “Shadow Libraries”
After previously being accused of using pirated books to train its artificial intelligence models, Apple now faces yet another class-action lawsuit. In this latest case, Susana Martinez-Conde and Step ... Read more
-
Daily CyberSecurity
Microsoft Patches Edge IE Mode After Hackers Exploited Chakra Zero-Day for Device Takeover
After discovering that hackers were exploiting a zero-day vulnerability in the Chakra JavaScript engine used by Internet Explorer versions 9, 10, and 11, Microsoft has taken swift action to modify the ... Read more
-
Daily CyberSecurity
Critical Supply Chain Flaw: Clevo UEFI Firmware Leaked Intel Boot Guard Private Keys (CVE-2025-11577)
The CERT Coordination Center (CERT/CC) has issued a warning regarding a critical supply chain vulnerability — CVE-2025-11577 — after researchers discovered that Clevo’s UEFI firmware update packages a ... Read more
-
Daily CyberSecurity
Critical Elastic Cloud Flaw: CVE-2025-37729 (CVSS 9.1) Allows RCE via Jinjava Template Injection
Elastic has released urgent security updates for Elastic Cloud Enterprise (ECE) to patch a critical vulnerability (CVE-2025-37729) that could allow attackers with administrative access to exfiltrate s ... Read more
-
Daily CyberSecurity
RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs
A research team from ETH Zurich has disclosed a critical vulnerability — CVE-2025-0033, dubbed RMPocalypse — that undermines AMD’s confidential computing technology across its Zen 3, Zen 4, and Zen 5 ... Read more
-
Daily CyberSecurity
Stealth C2: Hackers Abuse Discord Webhooks for Covert Data Exfiltration in npm, PyPI, and RubyGems Supply Chain Attacks
The Socket Threat Research Team has uncovered a growing trend among malicious package developers: leveraging Discord webhooks as command-and-control (C2) endpoints to exfiltrate sensitive data from de ... Read more
-
Daily CyberSecurity
iPhone Fold Hinge Costs Drop to $70-$80, Boosting Viability for Mass Production in 2026
The long-rumored foldable iPhone — tentatively referred to as the iPhone Fold — has yet to be officially announced, but numerous reports have already surfaced detailing its production logistics and co ... Read more
-
Ars Technica
Hackers can steal 2FA codes and private messages from Android phones
STEALING CODES ONE PIXEL AT A TIME Malicious app required to make "Pixnapping" attack work requires no permissions. Samsung's S25 phones. Credit: Samsung Android devices are vulnerable to a new attack ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more