A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF,…
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors. The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42. This article has been…
Command Execution Risk Found in Cacti’s SNMP Handling
A flaw in Cacti’s SNMP handling lets attackers execute arbitrary system commands. The post Command Execution Risk Found in Cacti’s SNMP Handling appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original article: Command…
Crims using social media images, videos in ‘virtual kidnapping’ scams
Proof of life? Or an active social media presence? Criminals are altering social media and other publicly available images of people to use as fake proof of life photos in “virtual kidnapping” and extortion scams, the FBI warned on Friday. ……
China Hackers Using Brickstorm Backdoor to Target Government, IT Entities
Chinese-sponsored groups are using the popular Brickstorm backdoor to access and gain persistence in government and tech firm networks, part of the ongoing effort by the PRC to establish long-term footholds in agency and critical infrastructure IT environments, according to…
State-linked groups target critical vulnerability in React Server Components
China-nexus threat groups have already begun targeting the flaw, creating widespread risk as nearly 40% of cloud environments are potentially impacted. This article has been indexed from Cybersecurity Dive – Latest News Read the original article: State-linked groups target critical…
IT Security News Hourly Summary 2025-12-06 00h : 6 posts
6 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-12-05 22:32 : Reliability Isn’t a Feature. It’s a Commitment. 22:32 : MSL5 General Availability and MSL4 Product Retirement 22:31 : What is “React2Shell” (CVE-2025-55182)…
IT Security News Daily Summary 2025-12-05
135 posts were published in the last hour 22:32 : Reliability Isn’t a Feature. It’s a Commitment. 22:32 : MSL5 General Availability and MSL4 Product Retirement 22:31 : What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check…
Reliability Isn’t a Feature. It’s a Commitment.
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Blog Read the original article: Reliability Isn’t a Feature. It’s a Commitment.
MSL5 General Availability and MSL4 Product Retirement
Akamai Media Services Live 4 will be discontinued on December 31, 2026. The upgraded Akamai Media Services Live 5 is currently in general availability. This article has been indexed from Blog Read the original article: MSL5 General Availability and MSL4…
What is “React2Shell” (CVE-2025-55182) – in Plain English – and Why Check Point CloudGuard WAF Customers Carried on with Their Day
Note: Before we dive in, Check Point CloudGuard WAF customers were proactively protected and not affected by React2Shell. In early December 2025, the team behind React—the most widely used technology powering today’s websites and digital services—announced a critical security…
New Splunk Windows Flaw Enables Privilege Escalation Attacks
A Splunk Windows flaw lets local users overwrite protected files and escalate to SYSTEM. The post New Splunk Windows Flaw Enables Privilege Escalation Attacks appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Friday Squid Blogging: Vampire Squid Genome
The vampire squid (Vampyroteuthis infernalis) has the largest cephalopod genome ever sequenced: more than 11 billion base pairs. That’s more than twice as large as the biggest squid genomes. It’s technically not a squid: “The vampire squid is a fascinating…
Cloudflare blames Friday outage on borked fix for React2shell vuln
Security community needs to rally and share more info faster, one researcher says Amid new reports of attackers pummeling a maximum security hole (CVE-2025-55182) in the React JavaScript library, Cloudflare’s technology chief said his company took down its own network,…
Novel clickjacking attack relies on CSS and SVG
Who needs JavaScript? Security researcher Lyra Rebane has devised a novel clickjacking attack that relies on Scalable Vector Graphics (SVG) and Cascading Style Sheets (CSS).… This article has been indexed from The Register – Security Read the original article: Novel…
Security highlights from AWS re:Invent 2025
<p>Las Vegas this week welcomed more than 60,000 attendees for <a href=”https://www.techtarget.com/searchcloudcomputing/conference/A-conference-guide-to-AWS-reInvent”>AWS re:Invent</a>, and the message was clear: AWS wants to be the platform of choice for the agentic era. In fact, CEO Matt Garman opened the keynote describing AWS…
News brief: RCE flaws persist as top cybersecurity threat
<p>Remote code execution flaws are among the most prevalent and critical vulnerabilities in software today. Some of the most high-profile cybersecurity events in history — including the 2021 Log4Shell Log4j library vulnerability, the Apache Struts vulnerability that led to the…
Microsoft named a leader in the 2025 Gartner® Magic Quadrant™ for Email Security
Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant™ for Email Security, which we believe highlights the innovative capabilities of Microsoft Defender for Office 365. The post Microsoft named a leader in the 2025 Gartner® Magic Quadrant™…
Salt Security Unveils New AI-Powered Capabilities, Expanding API Visibility and Protecting Emerging MCP Infrastructure
Salt Security used the stage at AWS re:Invent this week to unveil two major enhancements to its API Protection Platform, introducing a generative AI interface powered by Amazon Bedrock and extending its behavioural threat protection to safeguard Model Context Protocol…
Microsoft Quietly Changes Windows Shortcut Handling After Dangerous Zero-day Abuse
Microsoft has changed how Windows displays information inside shortcut files after researchers confirmed that multiple hacking groups were exploiting a long-standing weakness in Windows Shell Link (.lnk) files to spread malware in real attacks. The vulnerability, CVE-2025-9491, pertains to…
Telecom Company Freedom Mobile Suffers Data Breach Resulting in Data Leak
About the incident Freedom Mobile has revealed a data breach that leaked personal information belonging to a limited number of customers. This happened after illegal access to its internal systems in late October. As per the notice sent to customers,…
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper…
Arizona Sues Temu Over Covert Data Harvesting Claims
Arizona’s lawsuit claims Temu’s popular app acts like spyware and harvests sensitive device data. The post Arizona Sues Temu Over Covert Data Harvesting Claims appeared first on eSecurity Planet. This article has been indexed from eSecurity Planet Read the original…
Crossing the Autonomy Threshold
Autonomous offensive cyber agents are here. Shift from human-led, reactive defense to proactive, machine-driven security for cyber resilience. The post Crossing the Autonomy Threshold appeared first on Palo Alto Networks Blog. This article has been indexed from Palo Alto Networks…