active exploitation – Threat Note

From Cyber Security News – Apache Tomcat Vulnerability (CVE-2025-24813) Exploited to Execute Code on Servers

A critical vulnerability in Apache Tomcat has been actively exploited by attackers to achieve remote code execution (RCE) on vulnerable servers. This vulnerability affects versions 9.0.0-M1 to 9.0.98, 10.1.0-M1 to…

shaikh Saqib March 30, 2025

News

From The Hacker News – Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility

Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an

shaikh Saqib March 21, 2025

News

From The Hacker News – CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to

shaikh Saqib March 20, 2025

News

From The Hacker News – VMware Security Flaws Exploited in the Wild—Broadcom Releases Urgent Patches

Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. The list of vulnerabilities is as follows - CVE-2025-22224 (CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with

shaikh Saqib March 4, 2025

Vulnerabilities

From Cybersecurity Help – Cyber Security Week in review: February 21, 2025

In brief: BlackBasta's chat logs leak online, Russian hackers increasingly target Signal for espionage, and more Read More

shaikh Saqib February 21, 2025

Vulnerabilities

From Cybersecurity Help – Recently patched PAN OS firewall bug actively exploited in the wild

GreyNoise had detected exploit attempts originating from nearly 30 unique IP addresses. Read More

shaikh Saqib February 19, 2025