Rust Code Delivers Better Security, Also Streamlines DevOps
Software teams at Google and other Rust adopters see safer code when using the memory-safe language, and also fewer rollbacks and less code review.
India Rolls Back App Mandate Amid Surveillance Concerns
Remember when Apple put that U2 album in everyone’s music libraries? India wanted to do that to all of its citizens, but with a cybersecurity app. It wasn’t a good idea.
Zero-Click Agentic Browser Attack Can Delete Entire Google Drive Using Crafted Emails
A new agentic browser attack targeting Perplexity’s Comet browser that’s capable of turning a seemingly innocuous email into a destructive action that wipes a user’s entire Google Drive contents, findings from Straiker STAR Labs show. The zero-click Google Drive Wiper technique hinges on connecting the browser to services like Gmail and Google Drive to automate…
Critical XXE Bug CVE-2025-66516 (CVSS 10.0) Hits Apache Tika, Requires Urgent Patch
A critical security flaw has been disclosed in Apache Tika that could result in an XML external entity (XXE) injection attack. The vulnerability, tracked as CVE-2025-66516, is rated 10.0 on the CVSS scoring scale, indicating maximum severity. “Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an
Threat Landscape Grows Increasingly Dangerous for Manufacturers
Manufacturers are the top target for cyberattacks in 2025 because of their still-plentiful cybersecurity gaps and a lack of expertise.
React2Shell Vulnerability Under Attack from China-Nexus Groups
A maximum-severity vulnerability affecting the React JavaScript library is under attack by Chinese-nexus actors, further stressing the need to patch now.
CISOs Should Be Asking These Quantum Questions Today
As quantum quietly moves beyond lab experiment and into production workflows, here’s what enterprise security leaders should be focused on, according to Lineswala.
Chinese Hackers Have Started Exploiting the Newly Disclosed React2Shell Vulnerability
Two hacking groups with ties to China have been observed weaponizing the newly disclosed security flaw in React Server Components (RSC) within hours of it becoming public knowledge. The vulnerability in question is CVE-2025-55182 (CVSS score: 10.0), aka React2Shell, which allows unauthenticated remote code execution. It has been addressed in React versions 19.0.1, 19.1.2, and…
Sharpening the knife: GOLD BLADE’s strategic evolution
Updates include novel abuse of recruitment platforms, modified infection chains, and expansion into a hybrid operation that combines data theft and ransomware deployment
Introducing Sophos Intelix for Microsoft 365 Copilot
Bringing Sophos threat intelligence directly into Microsoft 365 Copilot.