Articles tagged "Vulnerability"

Found 522 articles

Researchers at the University of Pisa have developed a new method to maintain image signatures even after cropping, addressing a significant vulnerability in image verification. Current authentication tools often fail when an image is altered, which allows deepfake images to manipulate public opinion, spread misinformation, and impact news cycles. This innovation aims to provide a more reliable way to verify the authenticity of images, making it harder for malicious actors to exploit cropped images for deceptive purposes. The ability to verify images post-cropping could help restore trust in visual media, which is increasingly crucial in today's digital landscape where misinformation can spread rapidly. This development is particularly relevant for journalists, social media platforms, and anyone relying on visual content for information.

Impact: N/A
Remediation: N/A

On December 2025 Patch Tuesday, a total of 57 Common Vulnerabilities and Exposures (CVEs) were reported, including one critical zero-day vulnerability and two others that have been publicly disclosed. The zero-day is particularly concerning as it is actively exploited, meaning attackers may already be using it to compromise systems. Users and organizations running affected software should prioritize applying the latest patches to mitigate these risks. The vulnerabilities impact various products and systems, highlighting the ongoing need for vigilance in cybersecurity practices. Keeping software updated is essential to defend against potential exploitation.

Impact: Various software products from multiple vendors (specific products not detailed)
Remediation: Apply the latest patches released during December 2025 Patch Tuesday

The UK cyber agency has issued a warning that large language models (LLMs) will always be susceptible to prompt injection attacks, a vulnerability seen as an inherent flaw in generative AI technology. This highlights ongoing concerns within the research community regarding the security of AI systems and their potential exploitation.

Impact: Large language models (LLMs), generative AI technologies
Remediation: N/A

A data breach at Marquis Software Solutions has compromised the personal information of over 780,000 individuals across the United States due to a firewall vulnerability. This incident highlights the critical need for robust cybersecurity measures to protect sensitive data from exploitation.

Impact: Marquis Software Solutions
Remediation: Implement firewall updates and review security protocols to address the identified vulnerability.

AWS Security has reported that multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) within hours of its disclosure. Although this flaw does not affect AWS services, the rapid exploitation highlights the urgency for organizations to address this vulnerability to prevent potential breaches.

Impact: CVE-2025-55182 (React2Shell) - Affects systems utilizing the React2Shell framework; specific products and vendors not detailed.
Remediation: Organizations should implement security patches for React2Shell as soon as they are available. Regularly update and monitor systems for vulnerabilities, and apply best practices in security configurations to mitigate risks associated with this flaw.

Portugal has revised its cybercrime law to provide legal protection for security researchers, allowing them to operate without the fear of prosecution as long as they adhere to specified conditions. This change is significant for fostering a safer environment for ethical hacking and vulnerability disclosure, ultimately enhancing cybersecurity efforts in the country.

Impact: N/A
Remediation: N/A
Actively Exploited

The article discusses the rising exploitation of the React vulnerability CVE-2025-55182 by threat actors. This vulnerability poses a significant risk as it is being actively targeted in various attacks, highlighting the urgency for organizations to address it promptly.

Impact: React framework versions vulnerable to CVE-2025-55182. Specific versions and affected products are not detailed in the article.
Remediation: Organizations should apply security patches provided by React developers as soon as they are available. Additionally, implementing security best practices such as input validation and regular software updates can help mitigate the risk associated with this vulnerability.

The article discusses the differences between prompt injection and SQL injection, emphasizing the potential severity of prompt injection as a cybersecurity threat. It highlights that misunderstanding these differences can undermine mitigation strategies, suggesting that prompt injection may pose unique risks that require specific attention.

Impact: N/A
Remediation: Implement robust input validation and sanitization practices, regularly update security protocols, and educate users on the risks of prompt injections.

The article discusses a dual campaign targeting GlobalProtect portals and SonicWall APIs, highlighting a critical XXE vulnerability found in Apache software. This vulnerability poses a significant risk, necessitating immediate attention from affected organizations to mitigate potential exploitation.

Impact: GlobalProtect portals, SonicWall APIs, Apache software
Remediation: Organizations should apply patches and updates to affected Apache software and review configurations to mitigate the risk of exploitation.

The article discusses a React vulnerability that has reportedly been exploited by attackers, leading to a debate among researchers about the existence of concrete evidence for these attacks. While some researchers claim to have seen proofs of concept demonstrating the exploit, others argue that there is insufficient evidence of actual attacks occurring, complicating the response efforts.

Impact: React framework, potentially affecting applications built with React.
Remediation: Update to the latest version of React as patches are likely to be released to address the vulnerability. Monitor for official guidance from React maintainers.

Barts Health NHS Trust has reported a data breach involving the Clop ransomware group, which exploited a vulnerability in the Oracle E-Business Suite software to steal files from their database. This incident highlights the ongoing risks associated with unpatched software vulnerabilities and the potential for significant data loss in healthcare organizations.

Impact: Oracle E-Business Suite software
Remediation: Organizations should apply the latest security patches for Oracle E-Business Suite and review their security protocols to prevent future breaches.

A critical security vulnerability, CVE-2025-66516, has been identified in Apache Tika, posing a risk of XML external entity (XXE) injection attacks. With a CVSS score of 10.0, this flaw affects multiple modules and requires urgent attention from users to prevent exploitation.

Impact: Affected products include Apache Tika tika-core (versions 1.13-3.2.1), tika-pdf-module (versions 2.0.0-3.2.1), and tika-parsers (versions 1.13-1.28.5) across all platforms.
Remediation: Users are advised to apply the latest patches for the affected modules: tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1), and tika-parsers (1.13-1.28.5) to mitigate the vulnerability.

A critical vulnerability in the React JavaScript library is currently being targeted by threat actors linked to China, highlighting the urgency for developers to implement patches. The situation underscores the importance of immediate action to secure applications using this library from potential exploitation.

Impact: React JavaScript library
Remediation: Patch the React library to the latest version as soon as possible.

The article discusses a critical vulnerability in React that has been exploited by various threat actors, leading to a significant outage at Cloudflare as they implemented mitigations against the React2Shell exploit. This incident highlights the ongoing risks associated with vulnerabilities in widely used frameworks and the need for timely responses to emerging threats.

Impact: React framework, Cloudflare services
Remediation: Organizations using React should immediately update to the latest version of the framework and implement security best practices to mitigate the risk of exploitation. Regularly review and apply security patches as they become available.

Cloudflare has reported an outage due to the emergency patching of a critical React remote code execution vulnerability that is currently being exploited in attacks. This incident highlights the urgency and severity of addressing such vulnerabilities to maintain security and service continuity.

Impact: React framework versions vulnerable to remote code execution, impacting applications built using React.
Remediation: Apply the emergency patch provided by the React development team to mitigate the vulnerability. Ensure all applications using React are updated to the latest secure version as soon as possible.