Links
The article discusses CVE-2025-66516, a severe vulnerability in Apache Tika that can lead to XML External Entity (XXE) attacks. This flaw affects several Tika components and allows attackers to inject malicious files, posing serious risks to systems if not patched immediately. Users are urged to update all affected modules to mitigate the threat.
The Apache Software Foundation rejected the Akira ransomware gang's assertion that they stole 23 GB of data from OpenOffice, including sensitive employee and financial information. Apache insists it does not have the data claimed and found no evidence of a breach.
The article discusses vulnerabilities in Apache Airflow versions before 3.1.6 that can leak sensitive authentication credentials and secrets through logs and user interfaces. Two specific issues allow unauthorized users to access proxy credentials and display sensitive information in the web UI, posing risks to organizations. Immediate upgrades are recommended to mitigate these threats.
A critical vulnerability in Apache ActiveMQ has been exploited, allowing attackers to execute arbitrary code remotely. The flaw, identified as CVE-2025-XXXX, poses significant risks for users who have not applied the necessary security updates, making it imperative for organizations to secure their installations immediately.
A critical remote code execution vulnerability (CVE-2025-30065) has been found in all versions of Apache Parquet up to 1.15.0, allowing attackers to exploit specially crafted Parquet files for malicious purposes. Users are urged to upgrade to version 1.15.1 to mitigate the risk, which is particularly significant for big data environments and analytics systems that rely on Parquet files. Although no active exploitation has been reported yet, the potential for severe impact remains high due to the widespread use of this format.