A critical vulnerability, CVE-2025-24813, has been found in Apache Tomcat, which could let attackers execute remote code, leak sensitive data, or corrupt information. The Apache Software Foundation has released an urgent advisory, urging affected users to update right away. Apache Tomcat, a popular open-source web server and servlet container, has …

CISA included three vulnerabilities in Ivanti Endpoint Manager—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—in its Known Exploited Vulnerabilities catalog. Federal agencies must address these vulnerabilities by March 31, 2025, according to CISA’s directive, although no direct ransomware connection has been established. CISA updated its KEV catalog on March 10, 2025, adding three new …

Ransomware attacks reached a record high in February, surpassing previous months, according to a Cyble report. The Cyble report tracked the number of victims listed by ransomware groups on their Tor-based data leak sites (DLS), which are used to shame victims and threaten data release unless ransoms are paid. Although …

NTT Communications Corporation discovered illegal access to its facilities on February 5 and confirmed on February 6 that some information may have been leaked. An internal investigation revealed that some corporate customer service information from Order Information Distribution System may have been leaked. However, individual customer service information was not …

India’s Maharashtra Deputy Chief Minister Devendra Fadnavis disclosed alarming cyber fraud figures for Pune in 2024 during the Assembly session. The city suffered losses of Rs6,007 crore across 1,504 cybercrime cases. Cyber fraud in Pune was almost five times greater than the total losses in Mumbai, Thane, and Nagpur, which …

Cybersecurity researcher Jeremiah Fowler found that over a dozen unprotected databases from the German firm Lost and Found Software exposed 820,750 sensitive personal records about lost airport items and their owners in the U.S., Canada, and Europe. Misconfigured databases, now secured, previously exposed sensitive information such as images of lost …

Cisco Talos found that an unknown attacker has been targeting organizations in Japan since January 2025. The attacker exploited the CVE-2024-4577 vulnerability in PHP on Windows to access victims’ machines. They used the “TaoWu” plugins from the Cobalt Strike kit for further actions. A pre-configured installer script was discovered on …

SEC Consult researchers found a vulnerability in CrowdStrike’s Falcon Sensor, enabling attackers to evade detection and run malicious applications. The dubbed “Sleeping Beauty” vulnerability was reported to CrowdStrike in late 2023 but was dismissed as just a “detection gap.” The technique involved suspending the EDR processes instead of stopping them, …

As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited CVE-2025-22224. 41,500 unpatched ESXi instances represent a major part of global virtualization, especially in healthcare, finance, and telecommunications. Broadcom released an emergency update to fix a vulnerability that allows attackers …

On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize “AI ENGINEERING HACKATHON”. The prize money for the winners of the hackathon will be a total of 3,50,000 taka! There will be free training sessions, attractive gifts and certificates for all participants in the competition. …