A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints. […]
Critical React2Shell Flaw Added to CISA KEV After Confirmed Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday formally added a critical security flaw impacting React Server Components (RSC) to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.
The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an
The vulnerability, CVE-2025-55182 (CVSS score: 10.0), relates to a case of remote code execution that could be triggered by an
Barts Health NHS discloses data breach after Oracle zero-day hack
Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software. […]
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show.
The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them
The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate routine tasks by granting them
FBI warns of virtual kidnapping scams using altered social media photos
The FBI warns that criminals are altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. […]
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.
“Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.
“Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an
In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor
Other noteworthy stories that might have slipped under the radar: Akamai patches HTTP smuggling vulnerability, Claude Skills used to execute ransomware, PickleScan flaws.
The post In Other News: X Fined €120 Million, Array Flaw Exploited, New Iranian Backdoor appeared first on SecurityWeek.
Cloudflare Outage Caused by React2Shell Mitigations
The critical React vulnerability has been exploited in the wild by Chinese and other threat actors.
The post Cloudflare Outage Caused by React2Shell Mitigations appeared first on SecurityWeek.
A Practical Guide to Continuous Attack Surface Visibility
Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility. […]
EU fines X $140 million over deceptive blue checkmarks
The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA). […]