Apache Tika hit by critical vulnerability thought to be patched months ago
CSO Online 08.12.2025 19:56
A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers have warned.
Their new alert relates to two entwined flaws, the first CVE-2025-54988 from August, rated 8.4 in severity, and the second, CVE-2025-66516 made public last week, rated 10.
Neuer DDoS-Spitzenwert: 29,7 Terabit pro Sekunde
Heise Security 08.12.2025 13:29
Cloudflare hat einen Quartalsbericht zu Angriffen im Quartal 3/2025 vorgelegt. Es gab einen neuen DDoS-Rekordwert: 29,7 TBit/s.
React2Shell Under Active Exploitation by China-Nexus Hackers
Infosecurity Magazine 08.12.2025 11:50
React2Shell (CVE-2025-55182) is under active exploitation by Earth Lamia and Jackpot Panda, risking over two million instances worldwide
Sneeit WordPress RCE Exploited in the Wild While ICTBroadcast Bug Fuels Frost Botnet Attacks
The Hacker News 08.12.2025 09:15
A critical security flaw in the Sneeit Framework plugin for WordPress is being actively exploited in the wild, per data from Wordfence.
The remote code execution vulnerability in question is CVE-2025-6389 (CVSS score: 9.8), which affects all versions of the plugin prior to and including 8.3. It has been patched in version 8.4, released on August 5, 2025. The plugin has more than 1,700 active
Sicherheitsupdates: Apache HTTP Server und Tika sind verwundbar
Heise Security 08.12.2025 08:25
Mehrere Schwachstellen bedrohen Apache HTTP Server und Tika. Angreifer können unter anderem Dienste lahmlegen.
Attacken laufen bereits: Rund 29.000 Server über React-Lücke angreifbar
Golem 08.12.2025 08:00
Angreifer attackieren eine React2Shell genannte kritische Lücke im React-Framework. Allein in Deutschland gibt es noch über 3.000 anfällige Server. (Sicherheitslücke, Server)