Experimental News Clipping Site

Tag: CVE

  • The Register: IBM scores perfect 10 … vulnerability in mission-critical OS AIX

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/19/ibm_aix_critical_vulnerabilities/ Source: The Register Title: IBM scores perfect 10 … vulnerability in mission-critical OS AIX Feedly Summary: Big Blue’s workstation workhorse patches hole in network installation manager that could let the bad guys in IBM “strongly recommends" customers running its Advanced Interactive eXecutive (AIX) operating system apply patches after disclosing two critical vulnerabilities,…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability These types of vulnerabilities are frequent…

  • Alerts: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066 Source: Alerts Title: Supply Chain Compromise of Third-Party GitHub Action, CVE-2025-30066 Feedly Summary: A popular third-party GitHub Action, tj-actions/changed-files (tracked as CVE-2025-30066), was compromised. This GitHub Action is designed to detect which files have changed in a pull request or commit. The supply chain compromise allows for information disclosure of secrets including,…

  • The Register: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/18/apache_tomcat_java_rce_flaw/ Source: The Register Title: ‘Dead simple’ hijacking hole in Apache Tomcat ‘now actively exploited in the wild’ Feedly Summary: One PUT request, one poisoned session file, and the server’s yours A trivial flaw in Apache Tomcat that allows remote code execution and access to sensitive files is said to be under attack…

  • The Register: FCC stands up Council on National Security to fight China in ways that CISA used to

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/03/16/infosec_news_in_brief/ Source: The Register Title: FCC stands up Council on National Security to fight China in ways that CISA used to Feedly Summary: PLUS: Alleged Garantex admin arrested in India; Google deletes more North Korean malware Infosec In Brief United States Federal Communications Commission chair Brendan Carr has unveiled plans to form a…

  • Schneier on Security: TP-Link Router Botnet

    by

    Kurt Seifried
    in

    Source URL: https://www.schneier.com/blog/archives/2025/03/tp-link-router-botnet.html Source: Schneier on Security Title: TP-Link Router Botnet Feedly Summary: There is a new botnet that is infecting TP-Link routers: The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked…