A recently uncovered security vulnerability in Apache Tomcat has begun to see active exploitation shortly after its disclosure. The flaw, designated as CVE-2025-24813, was made publicly available along with a proof-of-concept (PoC) within just 30 hours of its initial announcement. This vulnerability impacts several versions of Apache Tomcat, including 11.0.0-M1…
On March 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of a high-severity vulnerability in its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is associated with a supply chain compromise affecting the GitHub Action known as tj-actions The vulnerability, identified as CVE-2025-30066, has been assigned…
This week’s cybersecurity update delves into various evolving threats, including a sophisticated phishing technique used by Russian threat actors. Covering issues from device code phishing to cloud-based attacks, this summary transforms complex technicalities into comprehensible insights, tailored for tech-savvy professionals. ⚡ Threat of the Week The recent disclosure from Microsoft…
In the realm of cybersecurity, last week’s developments showcased a significant range of incidents and insights. These events reflect the evolving landscape of cyber threats and the pressing need for vigilance among businesses and professionals. A critical incident involved Salesloft Drift, where attackers gained unauthorized access through the company’s GitHub…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially incorporated two significant six-year-old vulnerabilities affecting the Sitecore Content Management System and Experience Platform into its Known Exploited Vulnerabilities (KEV) catalog. This addition follows credible evidence indicating that these flaws are being actively targeted by malicious actors. The first vulnerability,…
U.S. Senator Ron Wyden has called on the Federal Trade Commission (FTC) to investigate Microsoft following its role in a significant ransomware attack on Ascension Hospital, resulting in the exposure of 5.6 million patient records. In a letter dated September 10, 2025, Senator Wyden criticized Microsoft’s software, claiming it facilitated…
CISA Reveals New Vision for CVE Program Amid Funding Concerns Chris Riotta (@chrisriotta) • September 11, 2025 Image: Mitre/Shutterstock/ISMG The Cybersecurity and Infrastructure Security Agency (CISA) has announced an updated vision for its Common Vulnerabilities and Exposures (CVE) program, a crucial system for tracking vulnerabilities worldwide. Despite the agency’s objectives,…
On March 10, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of five new vulnerabilities affecting Advantive VeraCore and Ivanti Endpoint Manager (EPM) in its Known Exploited Vulnerabilities (KEV) catalog, following confirmed cases of exploitation in the wild. This escalation emphasizes a heightened risk for organizations…
VMware Addresses Ransomware Attacks Targeting ESXi Servers On Monday, VMware announced that it has not detected any activity regarding the exploitation of an undisclosed zero-day vulnerability in its software amid a global wave of ransomware assaults. The company clarified that reports indicate attackers are primarily targeting End of General Support…
