CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External ...
The Hacker News

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

CISA reports active exploitation of GeoServer XXE flaw CVE-2025-58360 and directs immediate updates to secure affected ...
CSO Online

CISA orders immediate patching as GeoServer flaw faces active exploitation

Federal agencies told to fix critical XXE vulnerability (CVE-2025-58360) in GeoServer after attackers gain a head start.
Hackaday

This Week In Security: PostHog, Project Zero Refresh, And Thanks For All The Fish

There’s something immensely satisfying about taking a series of low impact CVEs, and stringing them together into a full exploit. That’s the story we have from [Mehmet Ince] of ...
Security Info Watch

Web Forms Are Financial Services’ Most Dangerous Blind Spot

Financial institutions rely on web forms to capture their most sensitive customer information, yet these digital intake ...

MITRE shares 2025's top 25 most dangerous software weaknesses

MITRE has shared this year's top 25 list of the most dangerous software weaknesses behind over 39,000 security ...
Security Boulevard

Client ID Metadata Documents (CIMD): The Future of MCP Authentication

Struggling with MCP authentication? The November 2025 spec just changed everything. CIMD replaces DCR's complexity with a ...
InfoWorld

React2Shell is the Log4j moment for front end development

Attackers are exploiting a Flight protocol validation failure that allows them to execute arbitrary code without ...