06.12.2025

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

The Hacker News 05.12.2025 16:23
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.
The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.
"Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an

Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability

The Hacker News 05.12.2025 14:10
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge.
The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and 19.2.1.
According

Splunk security patches: Unauthorized access possible

Heise Security 05.12.2025 10:32
Monitoring and security software from Splunk is vulnerable. Splunk Enterprise, among others, is affected.

On St. Nicholas Day: NIS2 Implementation Act enters into force

Heise Security 05.12.2025 10:16
The implementation act for the Network and Information Security Directive was recently rushed through the institutions. It applies from tomorrow.

Patch now! Attacks on the React2Shell vulnerability are getting under way

Heise Security 05.12.2025 10:11
Because of ongoing attacks, admins should bring their React servers up to date quickly.

CISA Reports PRC Hackers Using BRICKSTORM for Long-Term Access in U.S. Systems

The Hacker News 05.12.2025 08:14
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday released details of a backdoor named BRICKSTORM that has been put to use by state-sponsored threat actors from the People's Republic of China (PRC) to maintain long-term persistence on compromised systems.
"BRICKSTORM is a sophisticated backdoor for VMware vSphere and Windows environments," the agency said. "