Apache Tomcat has addressed three critical denial-of-service (DoS) vulnerabilities that could allow malicious actors to disrupt web applications and services. These security flaws, tracked as CVE-2025-52434, CVE-2025-52520, and CVE-2025-53506, affect all Apache Tomcat versions from 9.0.0.M1 to 9.0.106. The vulnerabilities…
Tag: Cyber Security News
KB5062554 – Microsoft Releases Cumulative Update for Windows 10 With July 2025 Patch Tuesday
Microsoft rolled out its latest cumulative update for Windows 10, version 21H2 and 22H2, as well as Windows 10 Enterprise LTSC 2021 and Windows 10 IoT Enterprise LTSC 2021. The update, identified as KB5062554 (OS Builds 19044.6093 and 19045.6093), includes…
Microsoft Remote Desktop Client Vulnerability Let Attackers Execute Remote Code
A critical security vulnerability in Microsoft Remote Desktop Client could allow attackers to execute arbitrary code on victim systems. The vulnerability, designated as CVE-2025-48817, affects multiple versions of Windows and poses significant security risks for organizations that rely on Remote…
10 Best Secure Web Gateway Vendors In 2025
In 2025, the need for robust secure web gateways (SWGs) has never been greater. As organizations shift to hybrid work, cloud-first strategies, and digital transformation, threats targeting web traffic have grown in sophistication. Secure web gateways are now a foundational…
Microsoft SQL Server 0-Day Vulnerability Exposes Sensitive Data Over Network
A critical information disclosure vulnerability in Microsoft SQL Server, designated as CVE-2025-49719, allows unauthorized attackers to access sensitive data over network connections. This vulnerability stems from improper input validation within SQL Server’s processing mechanisms, enabling attackers to disclose uninitialized memory…
10 Best Advanced Endpoint Security Tools – 2025
In today’s digital-first business landscape, advanced endpoint security is not just a luxury it’s a necessity. As organizations expand their operations across cloud, remote, and hybrid environments, every endpoint becomes a potential target for cybercriminals. From sophisticated ransomware to zero-day…
TA829 Hackers Employs New TTPs and Upgraded RomCom Backdoor to Evade Detections
The cybersecurity landscape faces a renewed threat as TA829, a sophisticated threat actor group, has emerged with enhanced tactics, techniques, and procedures (TTPs) alongside an upgraded version of the notorious RomCom backdoor. This hybrid cybercriminal-espionage group has demonstrated remarkable adaptability,…
FileFix Attack Exploits Windows Browser Features to Bypass Mark-of-the-Web Protection
A sophisticated new variation of cyberattacks emerged in July 2025, exploiting a critical vulnerability in how Chrome and Microsoft Edge handle webpage saving functionality. The attack, dubbed “FileFix 2.0,” bypasses Windows’ Mark of the Web (MOTW) security feature by leveraging…
Kimsuky Hackers Using ClickFix Technique to Execute Malicious Scripts on Victim Machines
The notorious North Korean threat group Kimsuky has adopted a sophisticated social engineering tactic known as “ClickFix” to deceive users into executing malicious scripts on their own systems. Originally introduced by Proofpoint researchers in April 2024, this deceptive technique tricks…
Hacktivist Group Claimed Attacks Across 20+ Critical Sectors Following Iran–Israel Conflict
The escalating tensions between Iran and Israel have triggered an unprecedented surge in hacktivist cyber operations, with over 80 distinct groups launching coordinated attacks across 18 critical infrastructure sectors. Following Israeli airstrikes on Iranian military and nuclear facilities in June…