APACHE FIXED CRITICAL RCE FLAW CVE-2023-50164 at STRUTS 2

The Apache Software Foundation fixed a critical file upload vulnerability in the Struts 2 open-source framework. This flaw, tracked as CVE-2023-50164, could allow remote code execution.

An attacker can manipulate file upload parameters to upload a malicious file and execute code on the server.

• Alert
• Vulnerabilities

CISA Adds 4 Actively Exploited Vuls to KEV Catalog

By infosecbulletin / Wednesday , February 5 2025

CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list...

Read More

• Vulnerabilities

AMD Patches CPU Vulnerability

By infosecbulletin / Wednesday , February 5 2025

AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts

By infosecbulletin / Wednesday , February 5 2025

Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants...

Read More

• Alert
• Vulnerabilities

Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104

By infosecbulletin / Wednesday , February 5 2025

Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8)...

Read More

• Alert
• Vulnerabilities

CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability

By infosecbulletin / Tuesday , February 4 2025

Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow...

Read More

• Daily Security Update

Daily Security Update Dated:4.02.2025

By infosecbulletin / Tuesday , February 4 2025

Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so...

Read More

• Vulnerabilities

768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023

By infosecbulletin / Tuesday , February 4 2025

In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in...

Read More

• Cyber Attack
• Vulnerabilities

.Gov Domains Weaponized in Phishing Surge

By infosecbulletin / Monday , February 3 2025

A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to...

Read More

• Event

RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS

By infosecbulletin / Sunday , February 2 2025

The cybersecurity seminar "RedSentry presents: Hacked 101," organized by RedSentry with the University of Information Technology and Sciences (UITS) as...

Read More

• Uncategorized

US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”

By infosecbulletin / Sunday , February 2 2025

Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total...

Read More

“An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution.” reads the advisory published by Apache Software Foundation. Upgrade to Struts 2.5.33 or higher, as advised by the foundation.

Steven Seeley from Source Incite reported the vulnerability. Apache has not confirmed any active exploitation in attacks.

ALSO READ:

Mid-sized Canadian firms pay an average $1.13 million to ransomware gangs