Apache Tomcat CGI Servlet Flaw Bypasses Security
A newly discovered security vulnerability, identified as CVE-2025-46701, has been found in Apache Tomcat’s CGI servlet implementation. This flaw allows attackers to bypass configured security constraints under specific conditions, potentially [...]
PureHVNC RAT Evades Defenses with Fake Jobs & PowerShell
Netskope Threat Labs has uncovered a stealthy malware campaign delivering the PureHVNC Remote Access Trojan (RAT), using a multi-layer infection chain designed to evade modern security tools. Active throughout 2024, [...]
Nifty[.]com Infrastructure Exploited in Phishing Attack
Between April and May 2025, threat actors launched a multi-wave phishing campaign by exploiting the trusted infrastructure of Nifty[.]com, a major Japanese ISP. Instead of spoofing domains, they registered free [...]
Cloud Devices Under Attack: 251 IPs Exploit 75 Flaws
On May 8, 2025, cybersecurity analysts at GreyNoise identified a large-scale and tightly coordinated scanning campaign that swept across 75 known exposure points on the internet—all within a 24-hour window. [...]
Evertz SDN Vulnerability Allows Arbitrary Command Execution
A critical vulnerability (CVE-2025-4009) was found in Evertz’s Software Defined Video Network (SDVN) products, allowing attackers to run remote code without logging in. Evertz SDN Vulnerability Discovered by ONEKEY Research [...]
Get Social