Researchers warn that critical vulnerabilities in Meta's React Server Components and Next.js are under threat from botnets and state-linked adversaries. China-nexus threat groups, tracked as Earth Lamia and Jackpot Panda, attempted to exploit a vulnerability in React, tracked as CVE-2025-55182, within a few hours of the flaw being disclosed on Wednesday, according to a blog post released Thursday by CJ Moses, chief information security officer at Amazon.
Tri-Century Eye Care data breach
A recently disclosed Tri-Century Eye Care data breach affects roughly 200,000 individuals, according to the healthcare data breach tracker maintained by the US Department of Health and Human Services (HHS). Tri-Century Eye Care provides comprehensive eye care services at several locations in Bucks County, Pennsylvania. Tri-Century Eye Care informed patients and employees that their personal information may have been compromised.
Apache Tika vulnerability
A critical-severity vulnerability in the Apache Tika open source analysis toolkit could allow attackers to perform XML External Entity (XXE) injection attacks. Apache Tika functions as a universal parser capable of extracting information from virtually all types of files, making it a core part of indexing and analysis tools. The critical issue, tracked as CVE-2025-66516 (CVSS score of 10/10), impacts the tika-core, tika-pdf-module, and tika-parsers modules of Apache Tika.
Enterprises are rushing to deploy agentic systems that plan, use tools, and make decisions with less human guidance than earlier AI models. This new class of systems also brings new kinds of risk that appear in the interactions between models, tools, data sources, and memory stores. A research team from NVIDIA and Lakera AI has released a safety and security framework that tries to map these risks and measure them inside real workflows.