CSO Online

CISA orders immediate patching as GeoServer flaw faces active exploitation

Federal agencies told to fix critical XXE vulnerability (CVE-2025-58360) in GeoServer after attackers gain a head start.

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External ...

Notepad++ updater installed malware

The updater for the open-source editor Notepad++ has installed malware on PCs. An update to Notepad++ v8.8.9 corrects this.
CSO Online

Hidden .NET HTTP proxy behavior can open RCE flaws in apps — a security issue Microsoft won’t fix

Researcher warns that many .NET applications might be vulnerable to arbitrary file writes because .NET’s HTTP client proxy ...