VulnHub

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.

The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.

Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.

The article discusses a critical vulnerability in React, identified as CVE-2025-55182, which affects only instances utilizing a newer feature. The researcher warns that exploitation of this vulnerability is expected in the wild, emphasizing the urgency for affected users to take action.

Yearn Finance's yETH pool experienced a significant security breach due to a critical vulnerability, resulting in the theft of approximately $9 million. This incident highlights the ongoing risks associated with decentralized finance platforms and the need for robust security measures.

The article discusses the increased risk of ransomware attacks targeting enterprises during off-hours, weekends, and holidays when security teams are less available. This trend highlights the vulnerability of organizations to cyber threats during periods of reduced staffing and response capabilities, emphasizing the need for continuous security measures and preparedness.

Three critical zero-day vulnerabilities in PickleScan have been identified, impacting Python and PyTorch. These flaws enable undetected attacks on AI model supply chains, posing significant risks to data integrity and security.

Google has addressed 51 vulnerabilities in Android, including two high-severity flaws (CVE-2025-48633 and CVE-2025-48572) that are potentially under targeted exploitation. Both vulnerabilities impact the Android Framework, which is essential for app development, and could allow malicious applications to access sensitive information.