SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

CVE-2025-66516 is a critical Apache Tika vulnerability can be exploited on all platforms in XXE injection attacks via crafted ...

Aadhaar misuse? mAadhaar's new tools help you see and selectively share

For most individuals, Aadhaar is used frequently, banking, EPFO updates, mobile SIM verification, e-KYC for investments, ...
InfoWorld

Apache Tika hit by critical vulnerability thought to be patched months ago

CVE-2025-54988 is a weakness in the tika-parser-pdf-module used to process PDFs in Apache Tika from version 1.13 to and ...
The Hacker News

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE flaw CVE-2025-66516 affects multiple Apache Tika modules, exposing systems and requiring urgent updates.
CSO Online

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...
Dark Reading

Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting ...

Notepad++ updater installed malware

The updater for the open-source editor Notepad++ has installed malware on PCs. An update to Notepad++ v8.8.9 corrects this.
The Hacker News

Silver Fox Uses Fake Microsoft Teams Installer to Spread ValleyRAT Malware in China

Silver Fox targets China with a fake Teams installer that delivers ValleyRAT malware through an SEO poisoning attack.

Really Simple Licensing spec lets web publishers demand their due from AI scrapers

The specification includes an XML vocabulary for describing content usage, licensing, and legal terms of service. The RSL ...
The Register on MSN

Microsoft won’t fix .NET RCE bug affecting slew of enterprise apps, researchers say

Devs and users should know better, Microsoft tells watchTowr Security researchers have revealed a .NET security flaw thought ...
Mid-Day

‘I’m so thankful’: Mumbai commuter gets lost iPhone back with help of railway cops

Grateful commuter Pranay Bhagat praises railway cops after they trace and return his newly purchased iPhone, lost on a CSMT ...
Mid-Day

ED files chargesheet against Reliance Power, 10 others in Rs 68 crore fake bank guarantee case

ED chargesheet Reliance Power and 10 others in a Rs 68 crore fake bank guarantee case tied to a SECI tender. Probe reveals ...