Apache StreamPipes Flaw Lets Anyone Become Admin

Sometimes a breach doesn’t kick down the front door. It just changes the name on the badge.
heise online

Apache Commons Text: Code injection vulnerability in older versions

Apache Commons Text is used for processing character strings in Java apps. A critical vulnerability allows the injection of malicious code. In the “Apache Commons Text” library, developers have ...
InfoWorld

Apache Tika hit by critical vulnerability thought to be patched months ago

A security flaw in the widely-used Apache Tika XML document extraction utility, originally made public last summer, is wider in scope and more serious than first thought, the project’s maintainers ...
Jalopnik

Should You Replace Struts When You Replace Shocks?

Many auto repair shops and mechanics recommend replacing a car's struts and shocks at the same time. There is some sound reasoning behind that approach as both components can affect a car's handling, ...
Bleeping Computer

Microsoft December 2025 Patch Tuesday fixes 3 zero-days, 57 flaws

Today is Microsoft's December 2025 Patch Tuesday, which fixes 57 flaws, including one actively exploited and two publicly disclosed zero-day vulnerabilities. This Patch Tuesday also addresses three ...
Ars Technica

Admins and defenders gird themselves against maximum-severity server vuln

Security defenders are girding themselves in response to the disclosure of a maximum-severity vulnerability disclosed Wednesday in React Server, an open-source package that’s widely used by websites ...
Bleeping Computer

Critical React, Next.js flaw lets hackers execute code on servers

A maximum severity vulnerability, dubbed 'React2Shell', in the React Server Components (RSC) 'Flight' protocol allows remote code execution without authentication in React and Next.js applications.