Collecting Cyber-News from over 60 sources

Tag: apache

The culture you can’t see is running your security operations

Jan 19, 2026 12:13 PM

Tags: apache, breach, business, compliance, control, credentials, cyber, data, email, exploit, finance, firewall, flaw, identity, intelligence, jobs, network, north-korea, phishing, risk, technology, threat, tool, training, update, vulnerability

Non-observable culture: The hidden drivers: Now we get interesting.Non-observable culture is everything happening inside people’s heads. Their beliefs about cyber risk. Their attitudes toward security. Their values and priorities when security conflicts with convenience or speed.This is where the real decisions get made.You can’t see someone’s belief that “we’re too small to be targeted” or…
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads

Jan 15, 2026 1:12 PM

Tags: apache, flaw, risk, vulnerability

Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk? First seen on hackread.com Jump to article: hackread.com/years-old-vulnerable-apache-struts-2-downloads/
Apache Struts External Entity (XXE) Injection Vulnerability S2-069 (CVE-2025-68493)

Jan 13, 2026 12:01 PM

Tags: apache, cve, cyber, data, injection, malicious, network, vulnerability

Overview Recently, NSFOCUS CERT detected that Apache issued a security bulletin to fix the Apache Struts external entity (XXE) injection vulnerability S2-069 (CVE-2025-68493); Because the XWork component of Apache Struts does not perform effective validation when parsing XML configuration, attackers can inject external entities by constructing malicious XML data to read sensitive server files, perform…The…
Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data

Jan 12, 2026 11:01 AM

Tags: apache, attack, cve, cyber, data, flaw, vulnerability

A newly disclosed vulnerability in Apache Struts 2’s XWork component could expose sensitive data and open the door to denial”‘of”‘service and server”‘side request forgery (SSRF) attacks if left unpatched. The flaw, tracked as CVE-2025-68493, is rated Important and affects a wide range of Struts 2 versions, putting many Java web applications at risk. Field Details CVE ID CVE-2025-68493…
Apache NuttX Flaw Allows Attackers to Crash Embedded Systems

Jan 2, 2026 6:52 AM

Tags: advisory, apache, cyber, flaw, software, vulnerability

The Apache Software Foundation has released a security advisory addressing a memory corruption vulnerability in the Apache NuttX Real-Time Operating System (RTOS). Tracked as CVE-2025-48769, this flaw affects widely used embedded systems and could allow attackers to destabilize devices or manipulate files. The vulnerability stems from a >>Use After Free
Apache StreamPipes Flaw Lets Anyone Become Admin

Dec 31, 2025 8:52 PM

Tags: apache, flaw, vulnerability

A critical Apache StreamPipes vulnerability lets users hijack admin accounts via broken authentication. The post Apache StreamPipes Flaw Lets Anyone Become Admin appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apache-streampipes-flaw-lets-anyone-become-admin/
Critical Apache StreamPipes Flaw Allows Attackers to Take Over Admin Accounts

Dec 31, 2025 6:52 PM

Tags: advisory, apache, control, credentials, cve, cyber, data, exploit, flaw, vulnerability

Apache StreamPipes has released an urgent security advisory addressing CVE-2025-47411, a critical privilege escalation vulnerability affecting versions 0.69.0 through 0.97.0. The flaw allows attackers with legitimate non-administrator accounts to exploit the user ID creation mechanism and hijack administrator credentials, gaining full control over the streaming data platform. The Vulnerability The vulnerability stems from improper handling…
Docker Releases Free, Production-Grade Hardened Container Images

Dec 22, 2025 3:18 PM

Tags: apache, container, cyber, docker, open-source, software, supply-chain

Docker has released its production-grade hardened container images as a free, open-source offering, marking a significant shift in software supply chain security accessibility. The Docker Hardened Images (DHI), previously a commercial product, are now available under an Apache 2.0 license to all 26 million developers in the container ecosystem. The hardened images address the escalating…
Docker Hardened Images now open source and available for free

Dec 22, 2025 10:19 AM

Tags: apache, docker, open-source, software

More than a 1,000 Docker Hardened Images (DHI) are now freely available and open source for software builders, under the Apache 2.0 license. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/docker-hardened-images-now-open-source-and-available-for-free/
Apache Log4j Flaw Enables Interception of Sensitive Logging Data

Dec 19, 2025 10:19 PM

Tags: apache, cyber, data, exploit, flaw, software, update, vulnerability

The Apache Software Foundation has released a critical security update for its widely used Log4j logging library. A newly discovered vulnerability, tracked as CVE-2025-68161, allows attackers to intercept or redirect sensitive log data by exploiting a flaw in how the software establishes secure connections. The issue specifically affects the >>Socket Appender
Critical Apache Commons Text Flaw Lets Hackers Execute Remote Code

Dec 18, 2025 10:19 AM

Tags: apache, cve, cyber, flaw, hacker, remote-code-execution, risk, vulnerability

A critical remote code execution vulnerability has been discovered in Apache Commons Text, affecting all versions prior to 1.10.0. The flaw, tracked as CVE-2025-46295, poses a significant security risk to organizations relying on the widely-used Java library for text manipulation and processing. The vulnerability resides in Apache Commons Text’s interpolation features, which are designed to…
Critical Apache Commons Text Flaw Lets Hackers Execute Remote Code

Dec 18, 2025 10:19 AM

Tags: apache, cve, cyber, flaw, hacker, remote-code-execution, risk, vulnerability

A critical remote code execution vulnerability has been discovered in Apache Commons Text, affecting all versions prior to 1.10.0. The flaw, tracked as CVE-2025-46295, poses a significant security risk to organizations relying on the widely-used Java library for text manipulation and processing. The vulnerability resides in Apache Commons Text’s interpolation features, which are designed to…
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Dec 15, 2025 5:19 PM

Tags: apache, cve, cvss, flaw, update, vulnerability

Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, including multiple critical-severity issues. One of the most severe bugs is a maximum-severity XML External Entity (XXE) injection flaw, tracked as CVE-2025-66516 (CVSS score of 10/10), in Apache Tika. CVE-2025-66516 carries a maximum CVSS rating…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
December Patch Tuesday: Windows Cloud Files Mini Filter Driver hole already being exploited

Dec 10, 2025 5:33 AM

Tags: access, apache, api, attack, cloud, cve, cvss, data, email, exploit, flaw, github, identity, injection, LLM, microsoft, office, phishing, remote-code-execution, risk, sap, threat, unauthorized, update, vulnerability, windows

CVE-2025-64666, an escalation of privilege (EoP) hole allowed by improper input validation;CVE-2025-64667, which allows a threat actor to spoof over a network.While rated Important and assessed as exploitation Less/Unlikely, Walters notes that these flaws affect core messaging and identity surfaces, and can become critical when chained, such as by spoofing enabling phishing, or EoP facilitating mailbox…
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

Dec 9, 2025 8:35 AM

Tags: advisory, apache, flaw, framework, vulnerability

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

Dec 9, 2025 8:35 AM

Tags: advisory, apache, flaw, framework, vulnerability

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
Apache Tika Vulnerability Widens Across Multiple Modules, Severity Now 10.0

Dec 9, 2025 8:35 AM

Tags: advisory, apache, flaw, framework, vulnerability

A security issue disclosed in the Apache Tika document-processing framework has proved broader and more serious than first believed. The project’s maintainers have issued a new advisory revealing that a flaw previously thought to be limited to a single PDF-processing component extends across several Tika modules, widening the scope of a vulnerability first publicized in mid-2025. First seen on…
Warnung von Apache vor kritischer Schwachstelle in Tika-Modul

Dec 9, 2025 6:32 AM

Tags: apache, cve, cvss, software, vulnerability

Zum 4. Dezember 2025 haben die Apache-Software-Foundation vor einer kritischer Schwachstelle im Tika-Modul gewarnt. Der Schwachstelle CVE-2025-66516 wurde ein CVSS-Score von 10.0 (höchster Wert) zugewiesen. Tika erkennt und extrahiert Metadaten aus über 1.000 verschiedenen Dateiformaten. In der Mitteilung CVE-2025-66516: Apache Tika … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/12/07/warnung-von-apache-vor-kritischer-schwachstelle-in-tika-modul/
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Apache Issues Max-Severity Tika CVE After Patch Miss

Dec 8, 2025 11:32 PM

Tags: advisory, apache, cve, flaw, software, update, vulnerability

The Apache Software Foundation’s earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting an updated advisory and CVE. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/apache-max-severity-tika-cve-patch-miss
Security Affairs newsletter Round 553 by Pierluigi Paganini INTERNATIONAL EDITION

Dec 7, 2025 8:32 PM

Tags: apache, api, email, international, vulnerability, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs Maximum-severity XXE vulnerability discovered in Apache…
Maximum-severity XXE vulnerability discovered in Apache Tika

Dec 6, 2025 5:32 AM

Tags: apache, cve, cvss, injection, malicious, vulnerability

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules. An attacker can embed a malicious XFA file inside a PDF and…
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Dec 5, 2025 6:32 PM

Tags: apache, cve, cvss, flaw, injection, update, vulnerability

A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack.The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity.”Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an First seen…
Apache Tika Core Flaw Allows Attackers to Exploit Systems with Malicious PDF Uploads

Dec 5, 2025 4:32 PM

Tags: advisory, apache, cve, cyber, exploit, flaw, malicious, vulnerability

A newly disclosed critical vulnerability in Apache Tika could allow attackers to compromise servers by simply uploading a malicious PDF file, according to a security advisory published by Apache maintainers. Tracked asCVE-2025-66516, the flaw affectsApache Tika core,Apache Tika parsers, and theApache Tika PDF parser module. CVE ID Severity Vulnerability Type Affected Component Affected Versions CVE-2025-66516 Critical XML External…
Apache Struts Flaw Allows Attackers to Launch Disk Exhaustion Attacks

Dec 2, 2025 8:49 AM

Tags: apache, attack, cve, cyber, flaw, framework, vulnerability

A new security flaw has been found in Apache Struts, a popular open”‘source web application framework used by many companies worldwide. The issue, tracked as CVE”‘2025″‘64775, could allow attackers to fill a server’s disk space, causing it to stop working correctly. Field Details CVE ID CVE-2025-64775 Vulnerability Title Apache Struts flaw allows attackers to launch disk…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks

Nov 27, 2025 3:49 PM

Tags: apache, attack, cve, cyber, flaw, malicious, monitoring, tool, vulnerability, xss

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE ID Description Severity Affected Versions CVE-2025-54057 Stored XSS vulnerability in Apache SkyWalking Important Through 10.2.0…
Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks

Nov 27, 2025 3:49 PM

Tags: apache, attack, cve, cyber, flaw, malicious, monitoring, tool, vulnerability, xss

A recently discovered vulnerability in Apache SkyWalking, a popular application performance monitoring tool, could allow attackers to execute malicious scripts and launch cross-site scripting (XSS) attacks. The flaw, identified as CVE-2025-54057, affects all versions of SkyWalking up to 10.2.0. CVE ID Description Severity Affected Versions CVE-2025-54057 Stored XSS vulnerability in Apache SkyWalking Important Through 10.2.0…