Hosted on MSN

CISA flags some more serious Ivanti software flaws, so patch now

CISA warns attackers chained CVE-2025-4427 and CVE-2025-4428 to breach Ivanti EPMM systems Malware was delivered via EL injection and reconstructed from Base64-encoded payloads CISA did not confirm ...
Bleeping Computer

Critical RCE flaw in Apache Tomcat actively exploited in attacks

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request.