Poisoned WhatsApp API package steals messages and accounts

A malicious npm package with more than 56,000 downloads masquerades as a working WhatsApp Web API library, and then it steals ...

Apache warns of 10.0-rated flaw in Tika metadata ingestion tool

Tika detects and extracts metadata from over 1,000 different file formats. Last August, Apache reported CVE-2025-54988, an 8.4 rated flaw that it warned allows an attacker to carry out XML External ...