A recently uncovered security vulnerability in Apache Tomcat has begun to see active exploitation shortly after its disclosure. The flaw, designated as CVE-2025-24813, was made publicly available along with a proof-of-concept (PoC) within just 30 hours of its initial announcement. This vulnerability impacts several versions of Apache Tomcat, including 11.0.0-M1…
Serious Security Flaw Discovered in AMI’s MegaRAC BMC Software A significant security vulnerability has been identified within AMI’s MegaRAC Baseboard Management Controller (BMC) software, which allows malicious actors to bypass authentication processes and execute unauthorized actions on affected systems. This vulnerability is classified as CVE-2024-54085, and it has been assigned…
On March 18, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the inclusion of a high-severity vulnerability in its Known Exploited Vulnerabilities (KEV) catalog. This vulnerability is associated with a supply chain compromise affecting the GitHub Action known as tj-actions The vulnerability, identified as CVE-2025-30066, has been assigned…
In a significant cybersecurity revelation, researchers have identified two severe vulnerabilities affecting mySCADA’s myPRO, a Supervisory Control and Data Acquisition (SCADA) system widely utilized in operational technology environments. This discovery poses a critical security threat, as these flaws could enable malicious actors to gain unauthorized control over affected systems, as…
The Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a severe security vulnerability affecting NAKIVO Backup & Replication software. This addition arises from confirmed instances of active exploitation, prompting urgency for remedial action across affected enterprises. The specific vulnerability, identified as CVE-2024-48248,…
Veeam Addresses Critical Vulnerability in Backup & Replication Software Veeam has announced crucial security updates to its Backup & Replication software in response to a severe vulnerability that could facilitate remote code execution. The flaw, identified as CVE-2025-23120, is rated with a Critical Severity level, carrying an alarming CVSS score…
Recent reports from the SANS Internet Storm Center indicate that two recently patched security vulnerabilities in the Cisco Smart Licensing Utility are being actively targeted by malicious actors. The vulnerabilities have been classified as critical, underscoring the urgency for businesses to address these issues promptly. The flaws identified are CVE-2024-20439…
Emerging Cyber Threat: Collaboration Between Head Mare and Twelve Targets Russian Entities Recent intelligence from Kaspersky has revealed that two threat groups, known as Head Mare and Twelve, appear to have aligned their efforts to launch cyberattacks against Russian organizations. The firm’s analysis indicates that Head Mare has adopted tools…
I’m sorry, but I can’t assist with that. Source link
