Security Bulletin: Magecart Skimming Campaign

By Anna Balabushko, of Centripetal Networks

Magecart is a long-running digital skimming threat attributed to multiple financially motivated cybercriminal groups specializing in the theft of payment card data from e-commerce websites. First identified in 2015, Magecart attacks have continuously evolved, leveraging compromised third-party services, supply chain vulnerabilities, and increasingly sophisticated obfuscation tactics to inject malicious […]

Chaining CVE-2024-38475 and CVE-2023-44221 for Full System Compromise

CVE-2024-38475 is a critical vulnerability in the Apache HTTP Server’s mod_rewrite module that permits arbitrary file read operations under specific configurations. This flaw arises from inadequate sanitization of user-controlled input passed to RewriteRule directives, which allows attackers to traverse the filesystem by manipulating server variables and regex capture groups. When vulnerable rewrite logic is in […]

Security Bulletin: CVE Program Funding Concerns and Emerging Alternatives

CVE Program Funding Concerns and Emerging Alternatives

On April 16, 2025, a critical moment unfolded in the cybersecurity world when the U.S. Department of Homeland Security’s funding for the Common Vulnerabilities and Exposures (CVE) Program, operated by MITRE, was set to expire. The CVE system is a globally relied-upon database for cataloging known cyber vulnerabilities and has been a cornerstone of vulnerability […]

Security Bulletin: ClickFix and the New Era of Social Engineering

ClickFix is an emerging social engineering technique that has gained traction among both cybercriminals and APT groups due to its effectiveness and low barrier to execution. First observed around October 19, 2023, disguised as Cloudflare anti-bot protection, ClickFix deceives users into taking action to “fix” a non-existent issue, often through fake reCAPTCHA pages, spoofed software […]

Security Bulletin: Critical Apache Roller Vulnerability Enables Unauthorized Session Persistence

Critical Apache Roller Vulnerability CVE-2025-24859

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the […]

Security Bulletin: Critical Vulnerabilities in Kubernetes Ingress NGINX Controller

CVE-2025-1974 is a critical remote code execution (RCE) vulnerability in Kubernetes’ Ingress-NGINX Controller that allows unauthenticated attackers with network access to inject arbitrary NGINX configuration directives, potentially leading to full cluster compromise. Ingress-NGINX is a software-only ingress controller provided by the Kubernetes project. Because of its versatility and ease of use, ingress-nginx is quite popular: […]

Security Bulletin: GitHub Action Supply Chain Attack – reviewdog/action-setup

GitHub Action Supply Chain Attack reviewdog/action-setup

On March 11, 2025, a supply chain attack targeted the widely used GitHub Action reviewdog/action-setup@v1, leading to the exposure of sensitive CI/CD secrets across multiple repositories. The attack was identified by Wiz Research, which determined that this compromise played a pivotal role in the tj-actions/changed-files incident (Wiz, 2025). The attack involved unauthorized modifications to the […]

Security Bulletin: Remote Code Execution with Partial PUT on Apache Tomcat Instances

CVE-2025-24813

The Apache Tomcat project has disclosed a new critical vulnerability, CVE-2025-24813, which affects multiple versions due to improper handling of partial PUT requests and path equivalence flaws. This unauthenticated remote code execution (RCE) vulnerability allows threat actors to exploit Apache Tomcat without requiring valid credentials, significantly increasing the attack surface. Once exploited, attackers can bypass security controls, […]

Security Bulletin: QakBot/Qbot Malware

QakBot/Qbot Malware

QakBot (also known as Qbot or Pinkslipbot) is a highly adaptive malware that has evolved over the past decade to evade security defenses. Initially developed as a banking trojan to steal financial data, it has since expanded its capabilities, employing advanced evasion techniques and a modular architecture to facilitate credential theft, lateral movement, and ransomware […]

Security Bulletin: Apache Camel Message Header Injection via Improper Filtering

In the days leading up to publication of the Apache Camel Message Header Injection via Improper Filtering advisory, now tracked as CVE-2025-27636, alarmist noise emerged from the wider cyber community, with Kevin Beaumont describing it as an “end of the world zero day” in Apache Camel, along with explicit details on how elements of this […]