Security Alerts

Apache Tomcat vulnerability Identified as CVE-2025-31650 posing a significant security risk.

The vulnerability tracked as CVE-2025-29810, was patched as part of Microsoft’s Apr 2025 Patch Tuesday security update cycle.

Meta warned Windows users to update the WhatsApp messaging app to 2.2450.6.

The vulnerability affects PHP versions – Below 8.1.32, Below 8.2.28, Below 8.3.18, Below 8.4.5.

Veeam RCE bug lets domain users hack backup servers, patch now; critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication.

A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited.

Windows users had been exposed to 5 zero-day in Jan and Feb. Six Windows zero-days now.

FinalDraft has been using Outlook email drafts for command-and-control communication in attacks; discovered by Elastic Security Labs that rely on malware loader named PathLoader, the FinalDraft backdoor, and multiple post-exploitation

Brand new vulnerabilities in OpenSSHnew now have patches for CVE-2025-26465 and CVE-2025-26466. The vulnerabilities allow miscreants to perform machine-in-the-middle attacks on the OpenSSH client and pre-authentication denial-of-service attacks.

A newly disclosed high-severity vulnerability in WinZip, tracked as CVE-2025-1240, enables remote attackers to execute arbitrary code on affected systems by exploiting malformed 7Z archive files.

Fortinet stated the new CVE-2025-24472 flaw added to FG-IR-24-535 is not a zero-day and was fixed in January. CVE-2024-55591 was exploited & a workaround provided.

CVE-2025-21298 is a high-severity vulnerability in OLE that enables remote code execution, with a CVSS score of 9.8.

A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers.

Microsoft Sneaky 2FA bypass attack and another 2FA bypass kit called FlowerStorm that is targeting Microsoft users cloned login pages.

Fortinet has released a security update with the fixes for 15 vulnerabilities ranging from critical to high severity.

Over 4 million systems on the internet, including VPN servers and home routers, are vulnerable to attacks due to tunneling protocol flaws.

Microsoft is investigating an ongoing MFA outage that is blocking customers from accessing Microsoft 365 Office apps.

Cybersecurity researchers at EXPMON have uncovered an intriguing “zero-day behavior” in PDF samples that leak sensitive NTLM authentication data.

Tenable urges users to update their Nessus instances to avoid a potential plugin security issue since a previous plugin update saw agents going offline.

A significant surge in brute-force attacks targeting Citrix NetScaler devices across multiple organizations.