CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
-
CybersecurityNews
Monsta web-based FTP Remote Code Execution Vulnerability Exploited
A critical remote code execution vulnerability in Monsta FTP, a popular web-based FTP client used by financial institutions and enterprises worldwide. The flaw, now tracked as CVE-2025-34299, affects ... Read more
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ... Read more
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ... Read more
-
Daily CyberSecurity
Touchscreen MacBook Pro & Foldable iPhone: Apple’s “Most Pivotal Year Yet” Revealed
In addition to the upcoming satellite features for the iPhone, Bloomberg News has outlined Apple’s ambitious 2026 product roadmap, describing it as “the company’s most pivotal year yet.”According to M ... Read more
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ... Read more
-
Daily CyberSecurity
Zero-Click Samsung Zero-Day (CVE-2025-21042) Delivered LANDFALL Spyware Via Malicious DNG Images
Researchers from Unit 42, the threat intelligence team at Palo Alto Networks, have discovered a previously unknown Android spyware family dubbed LANDFALL, which leveraged a zero-day vulnerability (CVE ... Read more
-
Daily CyberSecurity
CVE-2025-64439: RCE Flaw Detected in LangGraph: Agent Orchestration Framework at Risk
The LangGraph project, a powerful, low-level orchestration framework trusted by major tech companies for building stateful AI agents, has issued a high-severity security advisory for a Remote Code Exe ... Read more
-
Daily CyberSecurity
High-Severity Elastic Defend Flaw (CVE-2025-37735) Allows Local Attackers to Delete Arbitrary Files as SYSTEM
Elastic has released security updates to address a serious flaw in Elastic Defend, its endpoint protection component within the Elastic Security suite. Tracked as CVE-2025-37735, the vulnerability is ... Read more
-
Daily CyberSecurity
China APT Infiltrates US Policy Nonprofit in Months-Long Espionage Campaign Using DLL Sideloading
A new investigation by the Broadcom Threat Hunter Team has uncovered a China-linked cyber espionage campaign that infiltrated a U.S.-based nonprofit organization involved in influencing U.S. governmen ... Read more
-
Daily CyberSecurity
MSP Nightmare: Medusa & DragonForce Exploit SimpleHelp RMM Flaws for SYSTEM Access
Image: Zensec A new report from Zensec has exposed a critical vulnerability in the IT supply chain, detailing how two major Ransomware-as-a-Service (RaaS) groups, Medusa and DragonForce, are actively ... Read more