A human rights lawyer from Pakistan's Balochistan province received a suspicious link on WhatsApp from an unknown number, marking the first time a civil society member in the country was targeted by Intellexa's Predator spyware.

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. The vulnerability lets attackers trigger an XXE injection in Apache Tika’s core, PDF, and parser modules.

The U.S. Cybersecurity and Infrastructure Security Agency on Friday formally added a critical security flaw impacting React Server Components to its Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild.

Predator spyware, developed by Intellexa, is actively being used in several countries, including Iraq and Pakistan. Researchers have found indicators likely associated with the use of Predator spyware by an entity tied to Pakistan.

Google has released an update for its Chrome browser, addressing 13 security vulnerabilities, including four high-severity issues. One critical vulnerability, CVE-2025-13633, affects the Digital Credentials feature.

GoldFactory, a financially motivated cybercriminal group, has launched a new wave of attacks in Southeast Asia, targeting mobile users in Indonesia, Thailand, and Vietnam. The group uses modified banking apps to distribute Android malware.

A critical pre-authentication RCE bug has been identified in Oracle Identity Manager’s REST WebServices. This vulnerability allows unauthenticated attackers to exploit URI and matrix parameter parsing weaknesses to execute arbitrary code.

CISA has added two new bugs to its KEV Catalog. The vulnerabilities include: 1. CVE-2025-48572: Android Framework Privilege Escalation Vulnerability 2. CVE-2025-48633: Android Framework Information Disclosure Vulnerability

The Aisuru botnet has launched over 1,300 DDoS attacks in just three months, with Cloudflare mitigating 2,867 attacks since the beginning of the year. The botnet's most significant attack peaked at 29.7 Tbps, setting a new record.

Sha1-Hulud has resurfaced with a new campaign targeting npm packages, affecting thousands of code repositories. This malware compromises development environments by trojaning npm packages.