web server Archives • Daily CyberSecurity

Encryption Bypasses and Kubernetes Token Leaks Hit Apache Tomcat CVE-2023-45648 Apache Tomcat Security Encryption Bypass

Encryption Bypasses and Kubernetes Token Leaks Hit Apache Tomcat

Do Son April 13, 2026

Apache Tomcat, the open-source backbone for millions of Java-based web applications, has been hit by a wave...

Operation Rewrite: How a Malicious IIS Module Is Hijacking Websites Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Operation Rewrite: How a Malicious IIS Module Is Hijacking Websites

Do Son September 23, 2025

Researchers at Unit 42 uncovered a large-scale search engine optimization (SEO) poisoning campaign, tracked as CL-UNK-1037 and...

Critical Flaws in Hiawatha Web Server Could Allow Authentication Bypass and RCE Hiawatha vulnerability

Critical Flaws in Hiawatha Web Server Could Allow Authentication Bypass and RCE

Do Son September 10, 2025

The CERT Coordination Center (CERT/CC) has issued a vulnerability note highlighting three serious flaws in the Hiawatha...

Patch Now: Apache Tomcat Fixes Session Fixation and ‘MadeYouReset’ Flaws CVE-2024-50379 & CVE-2024-54677 Apache Tomcat Vulnerabilities

Patch Now: Apache Tomcat Fixes Session Fixation and ‘MadeYouReset’ Flaws

Do Son August 15, 2025

The Apache Tomcat Project has issued important updates addressing two significant vulnerabilities affecting multiple supported versions of...

CVE-2025-34300 (CVSS 10): Critical RCE Flaw in Lighthouse Studio’s CGI Scripts Threatens Survey Servers Worldwide Lighthouse Studio RCE, Survey Platform Vulnerability

Lighthouse Studio RCE, Survey Platform Vulnerability

CVE-2025-34300 (CVSS 10): Critical RCE Flaw in Lighthouse Studio’s CGI Scripts Threatens Survey Servers Worldwide

Do Son July 18, 2025

A severe remote code execution (RCE) vulnerability has been discovered in Lighthouse Studio, a popular web-based survey...

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS CVE-2024-38472 Apache HTTP Server, Security Patches

Apache HTTP Server 2.4.64 Released: Patches 8 Vulnerabilities, Including HTTP Splitting, SSRF & DoS

Do Son July 11, 2025

The Apache Software Foundation has issued a new release—Apache HTTP Server version 2.4.64—patching eight security vulnerabilities that...

Apache Tomcat Patches Trio of Denial-of-Service Flaws CVE-2024-24549 & CVE-2024-23672 Apache Tomcat, DoS Vulnerabilities

Apache Tomcat Patches Trio of Denial-of-Service Flaws

Do Son July 9, 2025

The Apache Software Foundation has released critical updates for Apache Tomcat 9, addressing three newly disclosed denial-of-service...

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed Apache Tomcat Vulnerabilities

Apache Tomcat Patches 4 Flaws: DoS, Privilege Bypass, & Installer Risks Addressed

Do Son June 17, 2025

The Apache Software Foundation has disclosed four security vulnerabilities affecting multiple versions of Apache Tomcat, the widely...

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces Apache Tomcat, Brute-Force Attacks CVE-2024-38286 - Apache Tomcat 11

Apache Tomcat, Brute-Force Attacks CVE-2024-38286 - Apache Tomcat 11

Apache Tomcat Under Attack: Massive Brute-Force Campaign Targets Manager Interfaces

Do Son June 13, 2025

A significant surge in brute-force attacks is targeting Apache Tomcat Manager interfaces, according to a new report...

Apache Tomcat Flaw Allows Security Bypass on Case-Insensitive Systems Apache Tomcat vulnerability CGI servlet bypass

Apache Tomcat Flaw Allows Security Bypass on Case-Insensitive Systems

Do Son May 30, 2025

The Apache Software Foundation has disclosed a low-severity security vulnerability affecting multiple versions of the Apache Tomcat...

ModSecurity DoS Flaw: PoC Available for Apache Vulnerability (No Workaround, Patch Pending) libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

libmodsecurity3 Denial of Service WAF Security Vulnerability CVE-2025-27110 ModSecurity vulnerability, JSON DoS

ModSecurity DoS Flaw: PoC Available for Apache Vulnerability (No Workaround, Patch Pending)

Do Son May 23, 2025

A newly disclosed vulnerability in ModSecurity’s Apache module, tracked as CVE-2025-47947, exposes web servers to a potentially...

Sophisticated IIS Malware Targets South Korean Web Servers IIS malware, South Korea cyberattack

Sophisticated IIS Malware Targets South Korean Web Servers

Do Son May 9, 2025

In a targeted and technically advanced cyber operation discovered in February 2025, the AhnLab Security Intelligence Center...

Critical Alert 1 Active Exploit Detected Today