CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access
Over the past two months, threat actors have weaponized a critical authentication bypass flaw in the Service Finder Bookings WordPress plugin, enabling them to hijack any account on compromised sites. ... Read more
-
BleepingComputer
Hackers now use Velociraptor DFIR tool in ransomware attacks
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. Cisco Talos researchers assess with medium c ... Read more
-
The Register
Crims had 3-month head start on defenders in Oracle EBS invasion
The raid on Oracle E-Business Suite (EBS) likely began as early as July - about three months before any public detections - with extortionists compromising "dozens" of organizations, a Google investig ... Read more
-
AttackIQ
Response to Oracle Security Alert Advisory: Oracle E-Business Suite Pre-Auth RCE (CVE-2025-61882)
On October 4, 2025, Oracle published a Security Alert Advisory addressing the CVE-2025-61882 vulnerability in Oracle E-Business Suite (EBS). This vulnerability allows unauthenticated attackers to exec ... Read more
-
BleepingComputer
RondoDox botnet targets 56 n-day flaws in worldwide attacks
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. The attacker focuses on ... Read more
-
CrowdStrike.com
CrowdStrike Identifies Campaign Targeting Oracle E-Business Suite via Zero-Day Vulnerability (now tracked as CVE-2025-61882)
CrowdStrike is tracking a mass exploitation campaign almost certainly leveraging a novel zero-day vulnerability — now tracked as CVE-2025-61882 — targeting Oracle E-Business Suite (EBS) applications f ... Read more
-
Help Net Security
Legit tools, illicit uses: Velociraptor, Nezha turned against victims
Threat actors are using an increasing variety of commercial and open-source products to carry out their attacks: according to researchers, Velociraptor and Nezha are the latest additions to their atta ... Read more
-
security.nl
Google: Oracle EBS-lek gebruikt voor grootschalige afpersingscampagne
Een kritieke kwetsbaarheid in Oracle E-Business Suite (EBS) is sinds 9 augustus misbruikt voor een grootschalige afpersingscampagne door criminelen, zo laat Google in een analyse weten. Oracle kwam op ... Read more
-
Google Cloud
Oracle E-Business Suite Zero-Day Exploited in Widespread Extortion Campaign
Written by: Peter Ukhanov, Genevieve Stark, Zander Work, Ashley Pearson, Josh Murchie, Austin Larsen Introduction Beginning Sept. 29, 2025, Google Threat Intelligence Group (GTIG) and Mandiant began t ... Read more
-
CybersecurityNews
Hackers Exploit DFIR Tool ‘Velociraptor’ in Ransomware Attacks
Security researchers at Cisco Talos have confirmed that ransomware operators are actively exploiting Velociraptor, an open-source digital forensics and incident response (DFIR) tool, in their attacks. ... Read more