Security News

Stealthy Apache Tomcat Critical Exploit Bypasses Security Filters: Are You at Risk?
2025-03-19 16:30

By simply sending HTTP requests, attackers can trigger the deserialisation of malicious data in Tomcat's session storage and gain control.

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
2025-03-19 06:59

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT)...

Critical AMI MegaRAC bug can let attackers hijack, brick servers
2025-03-18 15:29

A new critical severity vulnerability found in American Megatrends International's MegaRAC Baseboard Management Controller (BMC) software can let attackers hijack and potentially brick vulnerable...

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
2025-03-18 13:31

A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out...

Critical RCE flaw in Apache Tomcat actively exploited in attacks
2025-03-17 13:29

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. [...]

GitLab patches critical authentication bypass vulnerabilities
2025-03-13 16:13

GitLab released security updates for Community Edition (CE) and Enterprise Edition (EE), fixing nine vulnerabilities, including two critical severity authentication bypass flaws in the ruby-saml library. [...]

CISA: Medusa ransomware hit over 300 critical infrastructure orgs
2025-03-12 19:26

CISA says the Medusa ransomware operation has impacted over 300 organizations in critical infrastructure sectors in the United States until last month. [...]

Choose your own Patch Tuesday adventure: Start with six zero day fixes, or six critical flaws
2025-03-12 01:24

Microsoft tackles 50-plus security blunders, Adobe splats 3D bugs, and Apple deals with a doozy. Microsoft’s Patch Tuesday bundle has appeared, with a dirty dozen flaws competing for...

Critical PHP RCE vulnerability mass exploited in new attacks
2025-03-11 14:26

Threat intelligence company GreyNoise warns that a critical PHP remote code execution vulnerability that impacts Windows systems is now under mass exploitation. [...]

CISA tags critical Ivanti EPM flaws as actively exploited in attacks
2025-03-11 13:01

CISA warned U.S. federal agencies to secure their networks against attacks exploiting three critical vulnerabilities affecting Ivanti Endpoint Manager (EPM) appliances. [...]