News • Insights • Analysis
The Apache Software Foundation has released security updates addressing a vulnerability in Apache Tomcat. Tomcat is an open-source web server and servlet container that is used to deploy and serve Java-based web applications. CVE-2025-24813 is ‘deserialisation of untrusted data’ and Read More …
Cisco has released 10 security advisories addressing multiple vulnerabilities, including seven high and three medium severity advisories affecting Cisco IOS XR Software, which is a networking software system. CVE-2025-20138 is an ‘improper neutralization of special elements used in an OS Read More …
Apple has released security updates to address an exploited vulnerability in multiple Apple products. CVE-2025-24201 is an ‘out-of-bounds write’ vulnerability that could allow an attacker with maliciously crafted web content to break out of Web Content sandbox. The security update Read More …
According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution Read More …
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists Read More …
Cisco has released a security advisory to address a vulnerability in its Secure Client for Windows. Secure Client is Cisco’s endpoint virtual private network (VPN) solution. CVE-2025-20206 has a CVSSv3 score of 7.1 and if exploited could allow an authenticated, Read More …
Google has issued updates to fix 43 vulnerabilities in Android, including two zero-days that are being actively exploited in targeted attacks. The updates are available for Android 12, 12L, 13, 14, and 15. Android vendors are notified of all issues Read More …
Broadcom has addressed three exploited vulnerabilities that, when chained, can allow an attacker to access the hypervisor through a running virtual machine. VMware’s official advisory does not include all affected product versions. VMware’s official advisory VMSA-2025-0004 includes a Response Matrix Read More …
Malwarebytes Labs recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal’s infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google Read More …
Five vulnerabilities have been discovered within the RSync utility. RSync is a popular tool for transferring and synchronising files between different systems. RSync is commonly used in Unix-like operating systems. CVE-2024-12084 is a ‘heap-based buffer overflow’ vulnerability, with a CVSSv3 Read More …
