Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Dec 05, 2025Ravie LakshmananApplication Security / Vulnerability A critical security flaw has been disclosed in Apache Tika that could result...
2025Ravie
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Dec 05, 2025Ravie LakshmananVulnerability / Software Security Two hacking groups with ties to China have been observed weaponizing the newly...
JPCERT Confirms Active Command Injection Attacks on Array AG Gateways
Dec 05, 2025Ravie LakshmananVulnerability / Network Security A command injection vulnerability in Array Networks AG Series secure access gateways has...
ThreatsDay Bulletin: Wi-Fi Hack, npm Worm, DeFi Theft, Phishing Blasts— and 15 More Stories
Dec 04, 2025Ravie LakshmananCybersecurity / Hacking News Think your Wi-Fi is safe? Your coding tools? Or even your favorite financial...
Record 29.7 Tbps DDoS Attack Linked to AISURU Botnet with up to 4 Million Infected Hosts
Dec 04, 2025Ravie LakshmananDDoS Attacks / Network Security Cloudflare on Wednesday said it detected and mitigated the largest ever distributed...
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Dec 03, 2025Ravie LakshmananVulnerability / Cloud Security A maximum-severity security flaw has been disclosed in React Server Components (RSC) that,...
Picklescan Bugs Allow Malicious PyTorch Models to Evade Scans and Execute Code
Dec 03, 2025Ravie LakshmananMachine Learning / Vulnerability Three critical security flaws have been disclosed in an open-source utility called Picklescan...
Malicious Rust Crate Delivers OS-Specific Malware to Web3 Developer Systems
Dec 03, 2025Ravie LakshmananMalware / Web3 Security Cybersecurity researchers have discovered a malicious Rust package that's capable of targeting Windows,...
India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse
Dec 02, 2025Ravie LakshmananRegulatory Compliance / Online Safety India's Department of Telecommunications (DoT) has issued directions to app-based communication service...
GlassWorm Returns with 24 Malicious Extensions Impersonating Popular Developer Tools
Dec 02, 2025Ravie LakshmananMalware / Blockchain The supply chain campaign known as GlassWorm has once again reared its head, infiltrating...
Malicious npm Package Uses Hidden Prompt and Script to Evade AI Security Tools
Dec 02, 2025Ravie LakshmananAI Security / Software Supply Chain Cybersecurity researchers have disclosed details of an npm package that attempts...
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Dec 02, 2025Ravie LakshmananMobile Security / Vulnerability Google on Monday released monthly security updates for the Android operating system, including...
India Orders Phone Makers to Pre-Install Sanchar Saathi App to Tackle Telecom Fraud
Dec 01, 2025Ravie LakshmananSurveillance / National Security India's telecommunications ministry has reportedly asked major mobile device manufacturers to preload a...
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Dec 01, 2025Ravie LakshmananHacking News / Cybersecurity Hackers aren't kicking down the door anymore. They just use the same tools...
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
Dec 01, 2025Ravie LakshmananMalware / Threat Intelligence The threat actor known as Tomiris has been attributed to attacks targeting foreign...
