#activeexploitation

2025-04-16

Update your #Apple devices ASAP. Two vulnerabilities, CVE-2025-31200 and CVE-2025-31201, have been fixed: support.apple.com/en-us/122282

"Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on iOS."

While iOS has been known to be targeted, the fixes are available for all Apple devices and should be installed as soon as possible.

#activeexploitation #CVE_2025_31200 #CVE_2025_31201

Christoffer S. (nopatience@swecyb.com)
2025-03-28

(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation

recordedfuture.com/blog/apache

Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.

Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). Greynoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.

#Cybersecurity #ThreatIntel #Tomcat #ActiveExploitation #ITW #Exploitation #Vulnerability #CVE202524813

2025-03-02

Security researchers discover vulnerabilities in #Paragon Partition Manager driver used in #activeexploitation

The actively exploited vulnerability is tracked as CVE-2025-0289, and when exploited, allows an attacker to gain administrative privileges and to execute code. An attacker can potentially download the driver onto a device without Paragon Partition Manager installed.

Users are advised to patch ASAP, and to enable Vulnerable Driver Blocklist

#cybersecurity

bleepingcomputer.com/news/secu

2025-01-31

Security researchers reveal #activeexploitation against #SimpleHelp RMM vulnerabilities

The vulnerabilities are tracked as CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728, and when exploited, allow an attacker to gain admin privileges

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

bleepingcomputer.com/news/secu

tricia, queen of house cyberly (triciakickssaas@infosec.exchange)
2025-01-28

pls appreciate i wore an aqua colored sweater to talk about aquabot

🚨Active exploitation attempt🚨
Akamai Security Intelligence and Response Team (SIRT) has identified a new variant of the Mirai-based Aquabot, dubbed Aquabotv3 keeping in line with the naming conventions of the first two.

it is using CVE-2024-41710, a command injection vulnerability that affects Mitel SIP models. There was a POC made public in August 2024 but this is the first time it's been seen actively seeking exploitation ITW.

not only that! This malware exhibits a behavior we have never before seen with a Mirai variant: a function (report_kill) to report back to the C2 when a kill signal was caught on the infected device.

We (we = the SIRT) have not seen any response from the C2 as of the date this was originally posted (Jan. 28, 2024).

Incredible work Larry Cashdollar and Kyle Lefton 🎉

Full technical analysis including IOCs:
akamai.com/blog/security-resea

#mirai #malware #activeexploitation #security #research #botnet

2025-01-11

#Ivanti has revealed #activeexploitation against a vulnerability in its appliances

The vulnerability is tracked as CVE-2025-0282, and when exploited, allows an attacker to remotely execute code

Administrators are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu

2025-01-02

Security researchers reveal #activeexploitation of a vulnerability in #FourFaith routers

The vulnerability is tracked as CVE-2024-12856, and when exploited, allows an attacker to inject commands

Administrators are advised to reach out to their Four-Faith contacts for mitigation steps

#cybersecurity

bleepingcomputer.com/news/secu

2024-12-29

#PaloAlto reveals #activeexploitation against vulnerability in its firewall

The vulnerability is tracked as CVE-2024-3393, and when exploited, causes the firewall to reboot

Administrators are advised to patch ASAP, or to apply mitigations if not able to patch

#cybersecurity

bleepingcomputer.com/news/secu

2024-12-22

Security researchers reveal #activeexploitation against a critical #ApacheStruts 2 vulnerability

The vulnerability is tracked as CVE-2024-53677, and when exploited, can allow an attacker to remotely execute code

Administrators are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu

2024-11-27

Security researchers reveal #activeexploitation against critical vulnerability in Array Networks SSL VPN products

The vulnerability is tracked as CVE-2023-28461, and when exploited, allows an attacker to remotely execute code

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

bleepingcomputer.com/news/secu

2024-11-24

UPDATE: Security researchers reveal over 2000 Palo Alto firewalls have been compromised using these vulnerabilities

#activeexploitation

bleepingcomputer.com/news/secu

2024-10-25

Security researchers reveal #activeexploitation against a SharePoint vulnerability

The vulnerability is tracked as CVE-2024-38094, and when exploited, allows an attacker to remotely execute code. The vulnerability was patched during July Patch Tuesday.

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement

thehackernews.com/2024/10/cisa

2024-10-11

#Mozilla has released software updates to address a critical vulnerability in #Firefox

The vulnerability is tracked as CVE-2024-9680, and when exploited, allows an attacker to run arbitrary code. Mozilla says they have reports the vulnerability is being exploited in the wild.

Users are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement #activeexploitation

bleepingcomputer.com/news/secu

2024-10-09

#Qualcomm has released software updates to address a #zeroday vulnerability in its Digital Signal Processor service

The vulnerability is tracked as CVE-2024-43047 and when exploited, can lead to memory corruption. The vulnerability is believed to be under active exploitation. Qualcomm has released the patches to device makers.

Users are advised to patch as soon as a patch is available for their device

#cybersecurity #vulnerabilitymanagement #activeexploitation

bleepingcomputer.com/news/secu

2024-10-04

#Zimbra has released software updates to fix a critical vulnerability in its email server software

The vulnerability is tracked as CVE-2024-45519, and when exploited, allows an attacker to remotely execute code. Security researchers have observed active exploitation since Sept 28, 2024.

Administrators are advised to patch ASAP

#cybersecurity #vulnerabilitymanagement #activeexploitation

bleepingcomputer.com/news/secu

2024-08-08

Security researchers reveal #activeexploitation against Progress #WhatsUpGold vulnerability

The vulnerability is tracked as CVE-2024-4885, and when exploited, allows an attacker to execute any code. Security researchers have observed exploitation of this vulnerability since Aug 1, 2024.

Administrators are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu

2024-07-31

Security researchers reveal threat actors are actively exploiting a VMware ESXi vulnerability

The vulnerability is tracked as CVE-2024-37085, and when exploited, allows attackers to bypass authentication and gain full admin privileges

Administrators are advised to patch ASAP

#cybersecurity #activeexploitation

bleepingcomputer.com/news/micr

2024-07-18

Security researchers reveal #activeexploitation against vulnerability in #GeoServer GeoTools

The vulnerability is tracked as CVE-2024-36401, and when exploited, allows an attacker to execute arbitrary code

Users are advised to patch ASAP

#cybersecurity

bleepingcomputer.com/news/secu
