Tag: apache

December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

Dec 9, 2025 8:35 AM

Tags: advisory, apache, flaw, framework, vulnerability

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

Dec 9, 2025 8:35 AM

Tags: advisory, apache, flaw, framework, vulnerability

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

Dec 9, 2025 8:35 AM

Tags: advisory, apache, flaw, framework, vulnerability

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
Warnung von Apache vor kritischer Schwachstelle in Tika-Modul

Dec 9, 2025 6:32 AM

Tags: apache, cve, cvss, software, vulnerability

Zum 4. Dezember 2025 haben die Apache-Software-Foundation vor einer kritischer Schwachstelle im Tika-Modul gewarnt. Der Schwachstelle CVE-2025-66516 wurde ein CVSS-Score von 10.0 (höchster Wert) zugewiesen. Tika erkennt und extrahiert Metadaten aus über 1.000 verschiedenen Dateiformaten. In der Mitteilung CVE-2025-66516: Apache Tika … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/07/warnung-von-apache-vor-kritischer-schwachstelle-in-tika-modul/
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Security Affairs newsletter Round 553 by Pierluigi Paganini INTERNATIONAL EDITION

Dec 7, 2025 8:32 PM

Tags: apache, api, email, international, vulnerability, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs Maximum-severity XXE vulnerability discovered in Apache…
Maximum-severity XXE vulnerability discovered in Apache Tika

Dec 6, 2025 5:32 AM

Tags: apache, cve, cvss, injection, malicious, vulnerability

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules. An attacker can embed a malicious XFA file inside a PDF and…
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Dec 5, 2025 6:32 PM

Tags: apache, cve, cvss, flaw, injection, update, vulnerability

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.”Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an First seen…
Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads

Dec 5, 2025 4:32 PM

Tags: advisory, apache, cve, cyber, exploit, flaw, malicious, vulnerability

A newly disclosed critical vulnerability in Apache Tika could allow attackers to compromise servers by simply uploading a malicious PDF file, according to a security advisory published by Apache maintainers. Tracked asCVE-2025-66516, the flaw affectsApache Tika core,Apache Tika parsers, and theApache Tika PDF parser module. CVE ID Severity Vulnerability Type Affected Component Affected Versions CVE-2025-66516 Critical XML External…
Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks

Dec 2, 2025 8:49 AM

Tags: apache, attack, cve, cyber, flaw, framework, vulnerability

A new security flaw has been found in Apache Struts, a popular open”‘source web application framework used by many companies worldwide. The issue, tracked as CVE”‘2025″‘64775, could allow attackers to fill a server’s disk space, causing it to stop working correctly. Field Details CVE ID CVE-2025-64775 Vulnerability Title Apache Struts flaw allows attackers to launch disk…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks

Nov 27, 2025 3:49 PM

Tags: apache, attack, cve, cyber, flaw, malicious, monitoring, tool, vulnerability, xss

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE ID Description Severity Affected Versions CVE-2025-54057 Stored XSS vulnerability in Apache SkyWalking Important Through 10.2.0…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks

Nov 27, 2025 3:49 PM

Tags: apache, attack, cve, cyber, flaw, malicious, monitoring, tool, vulnerability, xss

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE ID Description Severity Affected Versions CVE-2025-54057 Stored XSS vulnerability in Apache SkyWalking Important Through 10.2.0…
Apache Syncope Passwords at Risk from Newly Disclosed CVE-2025-65998

Nov 25, 2025 1:51 PM

Tags: apache, cve, flaw, identity, open-source, password, risk

A critical security flaw has been uncovered in Apache Syncope, the widely used open-source identity management system, potentially putting organizations at risk of exposing sensitive password information. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-syncope-cve-2025-65998-flaw/
Apache Syncope Passwords at Risk from Newly Disclosed CVE-2025-65998

Nov 25, 2025 1:51 PM

Tags: apache, cve, flaw, identity, open-source, password, risk

A critical security flaw has been uncovered in Apache Syncope, the widely used open-source identity management system, potentially putting organizations at risk of exposing sensitive password information. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-syncope-cve-2025-65998-flaw/
Apache Syncope Flaw Lets Attackers Access Internal Database Content

Nov 25, 2025 1:51 PM

Tags: access, apache, credentials, cyber, encryption, flaw, password, vulnerability

A security vulnerability has been identified in Apache Syncope that could allow attackers to decrypt stored passwords if they gain access to the internal database. The flaw stems from the use of a hardcoded default AES encryption key, which undermines the password protection mechanism designed to keep sensitive user credentials secure. The vulnerability affects multiple…
Apache Syncope Passwords at Risk from Newly Disclosed CVE-2025-65998

Nov 25, 2025 1:51 PM

Tags: apache, cve, flaw, identity, open-source, password, risk

A critical security flaw has been uncovered in Apache Syncope, the widely used open-source identity management system, potentially putting organizations at risk of exposing sensitive password information. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apache-syncope-cve-2025-65998-flaw/
Angeblich interne Daten gestohlen – Akira droht mit Daten-Leak von Apache OpenOffice

Nov 20, 2025 7:49 AM

Tags: apache, leak

First seen on security-insider.de Jump to article: www.security-insider.de/moeglicher-hackerangriff-auf-apache-openoffice-a-d89a3af87b8e8d85469442b3c653ade0/
Angeblich interne Daten gestohlen – Akira droht mit Daten-Leak von Apache OpenOffice

Nov 20, 2025 7:49 AM

Tags: apache, leak

First seen on security-insider.de Jump to article: www.security-insider.de/moeglicher-hackerangriff-auf-apache-openoffice-a-d89a3af87b8e8d85469442b3c653ade0/
Apache OpenOffice disputes data breach claims by ransomware gang

Nov 4, 2025 11:19 PM

Tags: apache, attack, breach, corporate, data, data-breach, ransomware, software, threat

The Apache Software Foundation disputes claims that its OpenOffice project suffered an Akira ransomware attack, after the threat actors claimed to have stolen 23 GB of corporate documents. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apache-openoffice-disputes-data-breach-claims-by-ransomware-gang/
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Modern supply-chain attacks and their real-world impact

Nov 4, 2025 9:19 AM

Tags: access, ai, apache, attack, authentication, backdoor, breach, china, control, credentials, crowdstrike, crypto, cybersecurity, data, defense, email, espionage, exploit, github, group, infection, infosec, injection, intelligence, korea, lazarus, LLM, malicious, malware, marketplace, mfa, microsoft, network, north-korea, open-source, password, phishing, pypi, qr, risk, social-engineering, software, supply-chain, tactics, theft, threat, tool, worm, zero-day

This is what modern software supply-chain attacks look like. Since the industry-shaking SolarWinds compromise of 2020, the threat landscape has changed dramatically. Early high-profile incidents targeted build servers or tampered software updates. Today’s attackers prefer a softer entry point: the humans maintaining open-source projects.In the last two years, the majority of large-scale supply-chain intrusions have…
Akira Ransomware Strikes Apache OpenOffice, Allegedly Exfiltrates 23GB of Data

Nov 1, 2025 12:19 PM

Tags: apache, breach, corporate, cyber, dark-web, data, group, leak, ransom, ransomware

The notorious Akira ransomware gang announced on October 29, 2025, that it successfully penetrated the systems of Apache OpenOffice, claiming to have exfiltrated a staggering 23 gigabytes of sensitive corporate data. The group posted details on its dark web leak site, threatening to release the stolen information unless a ransom demand is met. This incident…
Akira Ransomware Claims It Stole 23GB from Apache OpenOffice

Oct 31, 2025 12:19 AM

Tags: apache, breach, data, finance, group, ransomware

The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified. First seen on hackread.com Jump to article: hackread.com/akira-ransomware-stole-apache-openoffice-data/
Apache Tomcat Path Traversal Vulnerability (CVE-2025-55752) Notice

Oct 29, 2025 11:26 AM

Tags: apache, cve, cyber, flaw, network, vulnerability

Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Tomcat path traversal vulnerability (CVE-2025-55752); This vulnerability is a flaw introduced when fixing CVE-2016-5388. Since the rewritten URL is normalized before URL decoding, if the system is configured with rewrite rules to rewrite query parameters into the URL, an authenticated…The…