Apache has issued a security advisory for a newly expanded XML External Entity (XXE) vulnerability affecting multiple components of Apache Tika, the widely used content analysis toolkit. The flaw, tracked as CVE-2025-66516 and rated critical, impacting Tika’s core library, parser modules, and PDF parser module. According to Apache’s disclosure, the vulnerability allows attackers to perform

Continue Reading

Google has released a new Chrome update for Windows, macOS, and Linux. Chrome 143 will roll out over the coming days and includes a collection of security fixes, performance improvements, and general stability updates. Additional feature details are also expected in upcoming Chrome and Chromium blog posts. Chrome 143 includes 13 security fixes addressing issues

Continue Reading

Hackers are distributing legitimate remote support tools as part of new attack campaigns, tricking victims into installing applications such as LogMeIn Resolve and PDQ Connect under the guise of common utilities or software updates. Researchers at cybersecurity software and solutions provider Malwarebytes report a rise in cases where these tools are preconfigured to connect directly

Continue Reading

OpenAI experienced a security incident involving Mixpanel, one of its former analytics providers. In an announcement post, they detailed that limited user information linked to the platform.openai.com interface was exposed, and clarified that ChatGPT users were not affected, nor were OpenAI’s own systems involved. According to OpenAI, the exposure was limited to analytics data stored

Continue Reading

GreyNoise, an online security company, has launched a new public tool designed to show whether an internet connection has been involved in unwanted scanning or suspicious activity. The service, called GreyNoise IP Check, aims to make it easier for people to identify when their home network is being used by unauthorized software or compromised devices.

Continue Reading

D-Link has issued a new security notice detailing several vulnerabilities discovered in its long-retired DIR-878 home router line. Although the model reached End-of-Life and End-of-Service years ago, the company published the advisory to inform any remaining users that multiple security issues have now been confirmed across all revisions and all firmware versions of the device.

Continue Reading

A newly disclosed flaw in Perplexity’s Comet web browser has revealed that an internal API allowed hidden extensions to run commands directly on user devices, a capability beyond what modern browsers typically permit. The issue was uncovered by security researchers at SquareX, who determined that Comet included two embedded extensions with elevated privileges: an analytics

Continue Reading

Microsoft is introducing a wide range of new Windows 11 security and resiliency features designed to support the coming era of agentic computing, cloud-integrated workflows, and quantum-resistant infrastructure. These enhancements build on the Secure Future Initiative and reflect a commitment to securing not only devices, but entire digital ecosystems. Securing Agentic Workflows and MCP Integrations

Continue Reading