Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
Dec 05, 2025 | Ravie Lakshmanan | Application Security / Vulnerability | A critical security flaw has…
Critical RSC Bugs in React and Next.js Allow Unauthenticated Remote Code Execution
Dec 03, 2025 | Ravie Lakshmanan | Vulnerability / Cloud Security | A maximum-severity security flaw has…
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Nov 28, 2025 | Ravie Lakshmanan | Malware / Vulnerability | Cybersecurity researchers have discovered vulnerable code…
Shai-Hulud v2 Campaign Spreads From npm to Maven, Exposing Thousands of Secrets
The second wave of the Shai-Hulud supply chain attack has spilled over…
Popular Forge library gets fix for signature verification bypass flaw
A vulnerability in the ‘node-forge’ package, a popular JavaScript cryptography library, could…
CISO’s Expert Guide To AI Supply Chain Attacks
AI-enabled supply chain attacks jumped 156% last year. Discover why traditional defenses…
Vibe-Coded Malicious VS Code Extension Found with Built-In Ransomware Capabilities
Cybersecurity researchers have flagged a malicious Visual Studio Code (VS Code) extension…
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Oct 31, 2025 | Ravie Lakshmanan | Malware / Secure Coding | Eclipse Foundation, which maintains the…
Google’s New AI Doesn’t Just Find Vulnerabilities — It Rewrites Code to Patch Them
Oct 07, 2025 | Ravie Lakshmanan | Artificial Intelligence / Software Security | Google's DeepMind division on…


