Malicious VSCode extensions on Microsoft's registry drop infostealers

Two malicious extensions on Microsoft's Visual Studio Code Marketplace infect developers' machines with information-stealing ...
SecurityWeek

Critical Apache Tika Vulnerability Leads to XXE Injection

CVE-2025-66516 is a critical Apache Tika vulnerability can be exploited on all platforms in XXE injection attacks via crafted ...