A dangerous new flaw has disrupted open-source identity infrastructure this week. Specifically, a severe Apache LDAP API vulnerability leaves directory clients vulnerable to interception. This specific framework provides an enhanced alternative to traditional Java...
Hacker groups have exploited a security gap in Array AG Series corporate gateways, implanting covert management micro-programs and creating fraudulent user accounts without the administrator’s knowledge. The flaw, tracked as CVE-2025-66644, enabled arbitrary command...
On 4 December 2025, the Apache Software Foundation disclosed a critical vulnerability — CVE-2025-66516, rated the maximum CVSS 10.0 — in the Apache Tika library. Because Tika underpins search engines, ECM platforms, DLP systems,...
A recently disclosed vulnerability in the 7-Zip archiver is already being weaponized in real-world attacks, according to a statement from NHS England Digital. The notice underscores that the flaw affects a widely used archival...
Hacktivists have infiltrated Canada’s critical infrastructure systems, altering control parameters across several facilities — actions that authorities warn could have led to dangerous consequences. The incident marks yet another example of cyberattacks carried out...
A new wave of phishing attacks has laid bare just how sophisticated social-engineering techniques have become. Researchers have identified an evolved variant of the FileFix attack that exploits a cache-smuggling technique to clandestinely deposit...
