511/68 Monday, December 8, 2025 A critical vulnerability in Apache Tika, tracked as CVE-2025-66516 with a maximum CVSS score of 10.0, enables attackers to perform XML External Entity (XXE) Injection across multiple components, including the core module (tika-core), the PDF module (tika-pdf-module), and the parser module (tika-parsers). Attackers can embed a crafted XFA file inside […]
510/68 Monday, December 8, 2025 Cybersecurity researchers have confirmed that the critical React2Shell (CVE-2025-55182) vulnerability is being actively exploited, exposing systems using React Server Components and related frameworks such as Next.js to unauthenticated remote code execution (RCE) via a single crafted HTTP request. At least 30 organizations worldwide have been compromised, and more than 77,000 […]
509/68 Thursday, December 4, 2025 The GlassWorm supply-chain attack campaign has resurfaced, leveraging the Microsoft Visual Studio Marketplace and the Open VSX platform to distribute more than 24 malicious extensions. These extensions impersonate popular developer tools, including Flutter, React, Tailwind, and Vue, in an attempt to trick developers into installing them. GlassWorm was first uncovered […]
508/68 Thursday, December 4, 2025 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Android Framework vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, a list of security flaws that have been confirmed as actively exploited in the wild and are subject to mandatory remediation timelines for government agencies. The newly added vulnerabilities […]
507/68 Thursday, December 4, 2025 South Korean police have arrested four individuals accused of hacking more than 120,000 internet-connected IP cameras across the country, including cameras installed in private residences and commercial buildings. The group allegedly stole live footage and recorded videos of victims’ private activities and sold the content to pornographic websites hosted abroad […]
506/68 Wednesday, December 3, 2025 Coupang, South Korea’s largest e-commerce company, has disclosed a major data breach affecting more than 33.7 million user accounts. The leaked data includes customer names, phone numbers, email addresses, physical addresses, and purchase histories. The company detected suspicious activity on November 18, and further investigation revealed that the intrusion may […]
505/68 Wednesday, December 3, 2025 Europol has announced the seizure of approximately $29 million worth of Bitcoin following the shutdown of “Cryptomixer,” a crypto-mixing service widely used to launder money and obscure financial trails linked to cybercrime. Since its launch in 2016, the platform is estimated to have mixed over €1.3 billion worth of Bitcoin. […]
504/68 Wednesday, December 3, 2025 A recent report from Koi Security has revealed a long-running cyber operation spanning over seven years, in which a threat group known as ShadyPanda turned popular and legitimate-looking browser extensions into spyware tools, with a combined total of over 4.3 million installations. High-profile examples include the well-known extension Clean Master, […]
503/68 Tuesday, December 2, 2025 Cybersecurity firm CloudSEK has uncovered a network of over 2,000 fake shopping websites impersonating major brands such as Amazon, Apple, Samsung, Dell, Ray-Ban, and Xiaomi, with the goal of defrauding consumers during Black Friday and Cyber Monday sales. The campaign appears to be a large-scale, coordinated operation, with multiple fraudulent […]
502/68 Tuesday, December 2, 2025 Cybersecurity firm Cleafy has reported the discovery of a new Android malware called Albiriox, developed by a Russian-speaking cybercriminal group and advertised on underground forums as a Malware-as-a-Service (MaaS) for $720 per month. The malware is classified as a banking trojan designed specifically for on-device fraud (ODF), enabling attackers to […]
