CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cybersecurity news, enriched with CVE and vulnerability data. The feed is updated every 5 minutes and is designed to give users a comprehensive overview of the latest cybersecurity news and trends.
-
TheCyberThrone
Samsung Galaxy Zero-Day CVE-2025-21042 Exploited by LANDFALL Spyware
In recent months, a critical zero-day vulnerability identified as CVE-2025-21042 has been actively exploited on Samsung Galaxy devices, posing a significant security risk to users worldwide. This flaw ...
-
Daily CyberSecurity
Critical Triofox Zero-Day (CVE-2025-12480) Under Active Exploit: Host Header Bypass Allows Unauthenticated Admin Takeover
[Image: CVE-2025-12480 exploitation chain | Mandiant Threat Defense] Researchers at Mandiant Threat Defense, part of Google Cloud Security Operations, have revealed that a critical unauthenticated acces ...
-
Daily CyberSecurity
SuiteCRM SQL Injection Flaws (CVE-2025-64492, CVE-2025-64493) Expose Customer Data
The maintainers of SuiteCRM, the popular open-source customer relationship management (CRM) platform, have released an urgent security update addressing two significant SQL injection vulnerabilities t ...
-
Daily CyberSecurity
Critical Devolutions Server Flaw (CVE-2025-12485, CVSS 9.4) Allows User Impersonation via Pre-MFA Cookie Hijacking
Devolutions, a leading provider of privileged access management (PAM) and remote connection solutions, has released an urgent security advisory addressing two serious vulnerabilities in its Devolution ...
-
Daily CyberSecurity
Critical WatchGuard Firebox Flaw (CVE-2025-59396, CVSS 9.8) Allows Unauthenticated Admin SSH Takeover via Default Credentials
A critical configuration flaw (CVE-2025-59396) has been discovered in WatchGuard Firebox devices, allowing remote attackers to gain unauthorized administrative access via SSH using default credentials ...
-
Daily CyberSecurity
Critical GE Vernova ICS Flaw (CVE-2025-3222, CVSS 9.3) Allows Authentication Bypass in Smallworld Master File Server
GE Vernova’s Electrification Software division has released a critical security advisory addressing a high-severity authentication vulnerability (CVE-2025-3222) in its Smallworld Master File Server (S ...
-
Daily CyberSecurity
Critical Calibre Flaw (CVE-2025-64486, CVSS 9.3) Allows RCE via Malicious FB2 E-book
A critical vulnerability in Calibre, the popular cross-platform e-book manager, allows arbitrary code execution when an attacker supplies a malicious FictionBook (FB2) file. Tracked as CVE-2025-64486 ...
-
CrowdStrike.com
From Domain User to SYSTEM: Analyzing the NTLM LDAP Authentication Bypass Vulnerability (CVE-2025-54918)
In September 2025, a critical vulnerability (CVE-2025-54918) was discovered affecting domain controllers running LDAP or LDAPS services. This vulnerability allows attackers to elevate privileges from ...
-
CrowdStrike.com
CrowdStrike Named Overall Leader in 2025 KuppingerCole ITDR Leadership Compass
KuppingerCole recognizes CrowdStrike as the Overall Leader, achieving the top position in every evaluated category in its 2025 identity security report. CrowdStrike has been named the Overall Leader i ...
-
The Hacker News
Hackers Exploiting Triofox Flaw to Install Remote Access Tools via Antivirus Feature
Nov 10, 2025 | Ravie Lakshmanan | Vulnerability / Incident Response. Google's Mandiant Threat Defense on Monday said it discovered n-day exploitation of a now-patched security flaw in Gladinet's Triofox fi ...