**Apache Warns of 10.0-Rated Flaw in Tika Metadata Ingestion Tool**
The Apache Foundation has issued a critical warning regarding a 10.0-rated flaw in its Tika toolkit, which detects and extracts metadata from over 1,000 different file formats.
According to the advisory, the vulnerability (CVE-2025-66516) allows an attacker to carry out XML External Entity (XXE) injection via a crafted XFA file embedded in a PDF. It is related to CVE-2025-54988, an 8.4-rated flaw that was reported and fixed in August last year.
However, the new advisory reveals that users who upgraded the tika-parser-pdf-module but did not also upgrade tika-core to >= 3.2.2 remain vulnerable. The org's original report "failed to mention that in the 1.x Tika releases, the PDFParser was in the org.apache.tika:tika-parsers module," which makes the issue more complex than initially thought.
Tika's developers have since tidied things up in recent releases, but this new flaw is a major concern for users who rely on the tool. The Apache Foundation advises upgrading to the latest version of Tika to mitigate the risk.
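The Tika flaw above is an instance of XXE: an XML parser that resolves external entities will copy the contents of a file (or a network resource) named in a DOCTYPE into the parsed document, and an XFA form is just XML carried inside a PDF. The following added example is not code from Tika or from the Apache advisory; it shows the same vulnerability class with Python's standard-library SAX parser rather than Tika's Java parsers. The unsafe configuration reads a constructed temporary file into the parsed text, while the hardened configuration leaves external-entity resolution off and rejects any DOCTYPE in untrusted input. The temporary file, the test document and the `DoctypeRejected` exception are all constructed for this example.

```python
"""Unsafe versus hardened XML parsing against XXE (added example, stdlib only)."""
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import feature_external_ges, property_lexical_handler


class TextCollector(xml.sax.ContentHandler):
    """Accumulates character data so we can see what the parser expanded."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)

    @property
    def text(self):
        return "".join(self.chunks)


class DoctypeRejected(Exception):
    """Raised by the hardened parser as soon as a DOCTYPE appears."""


class RejectDoctype:
    """Lexical handler; the method names are the ones xml.sax.expatreader calls."""

    def startDTD(self, name, public_id, system_id):
        # Untrusted documents have no legitimate need for a DTD, so refuse early,
        # before any entity declaration can be processed.
        raise DoctypeRejected(f"DOCTYPE '{name}' not allowed in untrusted input")

    def endDTD(self):
        pass

    def startCDATA(self):
        pass

    def endCDATA(self):
        pass

    def comment(self, content):
        pass


def write_secret_file(contents="TOP-SECRET"):
    """Constructed stand-in for a sensitive local file on the parsing host."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    with os.fdopen(fd, "w") as fh:
        fh.write(contents)
    return path


def xxe_test_document(path):
    """Constructed regression-test input: a general entity that names a local file."""
    return (
        '<?xml version="1.0"?>\n'
        f'<!DOCTYPE form [ <!ENTITY ext SYSTEM "{path}"> ]>\n'
        "<form><field>&ext;</field></form>"
    )


def parse_unsafe(xml_bytes):
    """Resolves external general entities: the misconfiguration behind XXE."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, True)   # the dangerous setting
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text


def parse_hardened(xml_bytes):
    """Never fetches external entities and refuses any DOCTYPE outright."""
    handler = TextCollector()
    parser = xml.sax.make_parser()
    parser.setContentHandler(handler)
    parser.setFeature(feature_external_ges, False)  # Python's default; stated explicitly
    parser.setProperty(property_lexical_handler, RejectDoctype())
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text


def demo():
    """Run both parsers over the same test document; returns (leaked_text, hardened_result)."""
    secret = write_secret_file()
    try:
        doc = xxe_test_document(secret).encode()
        leaked = parse_unsafe(doc)          # file contents end up in the parsed text
        try:
            parse_hardened(doc)
            hardened = "parsed (unexpected)"
        except DoctypeRejected as exc:
            hardened = f"rejected: {exc}"
        return leaked, hardened
    finally:
        os.unlink(secret)


if __name__ == "__main__":
    print(demo())
```

`demo()` returns the text the unsafe parser produced (the contents of the temporary file) alongside the hardened parser's rejection message; a document without a DOCTYPE still parses normally under `parse_hardened`. For a Java stack such as Tika's, the equivalent hardening is `DocumentBuilderFactory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true)` together with disabling external general and parameter entities. The point the advisory makes is that the hardening has to be present in every module that ends up parsing the XML, which is why upgrading the PDF module alone, without tika-core, was not enough.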
**New Kind of DDoS Erupts from the Americas**
Cybersecurity firm OVH has reported a surge in Distributed Denial-of-Service (DDoS) attacks originating from the United States and South America, with sizes reaching up to 15-16 Tbps. To combat this growing threat, OVH is adding 2-3 Tbps of DDoS protection capacity weekly.
OVH CEO Octave Klaba stated that the company aims to deploy 100 Tbps of DDoS-deflectors ASAP to defend its operations against these increasing attacks. This development highlights the ongoing cat-and-mouse game between cyber attackers and defenders, with OVH working tirelessly to stay ahead of the threat.
**Cyber Deterrence and Response Act Resurfaces**
Republican Representative August Pfluger has introduced The Cyber Deterrence and Response Act, which proposes granting the National Cyber Director formal authority to identify and sanction threat actors. This bill aims to establish a government-wide process for cyber attribution, including defining evidentiary standards and verification methods.
Pfluger's office explained that this method would align various agencies under a single set of rules to ensure accurate attribution. The bill also includes provisions for private company contributions and mandates threat sharing with international allies.
**NIST Wants YOU to Secure Your IoT Devices**
The National Institute of Standards and Technology's Cybersecurity Center of Excellence has published three new IoT onboarding publications to help secure sensitive kit. These documents cover topics such as secure provisioning, device network layer onboarding, and IoT device lifecycle management.
NIST emphasizes the importance of securing IoT devices, which are often built without regard for their potential to be an ingress point for attacks. By following these guidelines, organizations can prevent such problems and protect themselves from cyber threats.
**Predator Spyware Maker Still Going Strong**
Despite being sanctioned by the United States and forced out of Europe, Intellexa, makers of the Predator commercial spyware, continues to operate with impunity. A report from Google's Threat Intelligence Group concluded that Intellexa has "adapted, evaded restrictions, and continues selling digital weapons to the highest bidders."
Predator functions similarly to Pegasus spyware, allowing users to install software on targets' devices. Of the 70 zero-day vulnerabilities discovered by Google threat hunters since 2021, Intellexa is responsible for 15 unique ones.
**DoJ Takes Down Another Crypto Fraud Website**
The Justice Department's Scam Center Task Force has seized Tickmilleas.com, a platform that mimicked legitimate trading site Tickmill. The scam site promised big returns and fake account balances to trick victims into depositing cash on the platform.
Tickmilleas.com was believed to be affiliated with Chinese organized criminal gangs and Burma-based scam centers. The seizure comes less than three weeks after the DoJ stood up the Scam Center Task Force, which continues to target scam centers proliferating in Asia and elsewhere in the world.