A recently patched security flaw in WinRAR, the popular Windows file archiving tool, is currently being exploited by several threat groups. The vulnerability affects Windows versions of the widely used file archiving tool and involves a path traversal issue that can allow malicious files to be placed outside their intended extraction directory. When combined with

Continue Reading

Microsoft has released its latest security update for Windows 10, KB5071546, covering versions 22H2 (ESU) and 21H2 Enterprise LTSC 2021. This update continues extended servicing for organizations still operating Windows 10 and introduces several important security and reliability enhancements. Microsoft is again advising administrators and users that Secure Boot certificates used by most Windows devices

Continue Reading

Apache has issued a security advisory for a newly expanded XML External Entity (XXE) vulnerability affecting multiple components of Apache Tika, the widely used content analysis toolkit. The flaw, tracked as CVE-2025-66516 and rated critical, impacting Tika’s core library, parser modules, and PDF parser module. According to Apache’s disclosure, the vulnerability allows attackers to perform

Continue Reading

Google has released a new Chrome update for Windows, macOS, and Linux. Chrome 143 will roll out over the coming days and includes a collection of security fixes, performance improvements, and general stability updates. Additional feature details are also expected in upcoming Chrome and Chromium blog posts. Chrome 143 includes 13 security fixes addressing issues

Continue Reading

Hackers are distributing legitimate remote support tools as part of new attack campaigns, tricking victims into installing applications such as LogMeIn Resolve and PDQ Connect under the guise of common utilities or software updates. Researchers at cybersecurity software and solutions provider Malwarebytes report a rise in cases where these tools are preconfigured to connect directly

Continue Reading

OpenAI experienced a security incident involving Mixpanel, one of its former analytics providers. In an announcement post, they detailed that limited user information linked to the platform.openai.com interface was exposed, and clarified that ChatGPT users were not affected, nor were OpenAI’s own systems involved. According to OpenAI, the exposure was limited to analytics data stored

Continue Reading

GreyNoise, an online security company, has launched a new public tool designed to show whether an internet connection has been involved in unwanted scanning or suspicious activity. The service, called GreyNoise IP Check, aims to make it easier for people to identify when their home network is being used by unauthorized software or compromised devices.

Continue Reading