CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External ...
SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

CVE-2025-66516 is a critical Apache Tika vulnerability can be exploited on all platforms in XXE injection attacks via crafted ...
CSO Online

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...

Xournal++ 1.3.0: Note tool gets laser pointer and improved PDF export

The free Xournal++ for handwritten notes gets a laser pointer for presentations and now protects hyperlinks and comments ...
The Hacker News

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA reports active exploitation of GeoServer XXE flaw CVE-2025-58360 and directs immediate updates to secure affected ...

Notepad++ updater installed malware

The updater for the open-source editor Notepad++ has installed malware on PCs. An update to Notepad++ v8.8.9 corrects this.
InfoWorld

Apache Tika hit by critical vulnerability thought to be patched months ago

CVE-2025-54988 is a weakness in the tika-parser-pdf-module used to process PDFs in Apache Tika from version 1.13 to and ...
The Hacker News

Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch

Critical XXE flaw CVE-2025-66516 affects multiple Apache Tika modules, exposing systems and requiring urgent updates.
Mid-Day

ED files chargesheet against Reliance Power, 10 others in Rs 68 crore fake bank guarantee case

ED chargesheet Reliance Power and 10 others in a Rs 68 crore fake bank guarantee case tied to a SECI tender. Probe reveals ...
Dark Reading

Apache Issues Max-Severity Tika CVE After Patch Miss

The Apache Software Foundation's earlier fix for a critical Tika flaw missed the full scope of the vulnerability, prompting ...

Nextcloud Office vs. OnlyOffice: I tested both to find the best Microsoft 365 alternative

Want an office suite that isn't tied to Microsoft 365 or even Google Workspace? These open-source options run anywhere - and one of them is perfect for you.