Security Leftovers

posted by Roy Schestowitz on Mar 18, 2025

• Security Week ☛ Exploit Code for Apache Tomcat RCE Vulnerability Published on Chinese Forum

  Exploits swirling for remote code execution vulnerability (CVE-2025-24813) in open-source Apache Tomcat web server.

• The Register UK ☛ 'Dead simple' RCE exploit in Apache Tomcat under attack

  The vulnerability is CVE-2025-24813, and was revealed on March 10 along with updates to close the hole in the open source web server software. According to API security shop Wallarm, an exploit for the bug was publicly distributed 30 hours later, and is “now actively exploited in the wild.”

• LWN ☛ Security updates for Monday

  Security updates have been issued by Debian (opensaml and php8.2), Fedora (chromium, ctk, dcmtk, expat, ffmpeg, firefox, fscrypt, gdcm, InsightToolkit, kitty, libssh2, libxml2, linux-firmware, man2html, nextcloud, OpenImageIO, php, podman-tui, python-django, python-django5, python-gunicorn, python-jinja2, python-spotipy, python3.6, qt6-qtwebengine, thunderbird, tigervnc, vim, vyper, xen, xorg-x11-server, and xorg-x11-server-Xwayland), Mageia (freetype2, ghostscript, and man2html), Oracle (kernel and krb5), Red Hat (grub2, libreoffice, mysql:8.0, pcs, thunderbird, tigervnc, webkit2gtk3, and xorg-x11-server), Slackware (expat, freetype, and php), SUSE (amazon-ssm-agent, chromedriver, ed25519-java, google-cloud-sap-agent, google-guest-agent, govulncheck-vulndb, libexslt0, libzvbi-chains0, php8, restic, rubygem-rack, subversion, tomcat, and tomcat10), and Ubuntu (freetype, resteasy, and xorg-server, xorg-server-hwe-16.04, xorg-server-hwe-18.04).

• PCLOS Official ☛ PCLinuxOS Recent Updates

• Security Week ☛ NIST Announces HQC as Fifth Standardized Post Quantum Algorithm

  First choices for both KEMs and DSAs are already standardized, and organizations should not wait for the backups to be available before migrating to PQC. 

• Security Week ☛ 8,000 New WordPress Vulnerabilities Reported in 2024 [Ed: False and misleading. WordPress but in stuff some people add on top of it.]

  Nearly 8,000 new vulnerabilities affecting the WordPress ecosystem were reported last year, nearly all in plugins and themes.

• Security Week ☛ 100 Car Dealerships Hit by Supply Chain Attack

  The websites of over 100 auto dealerships were found serving malicious ClickFix code in a supply chain compromise.

• Security Week ☛ Nvidia Patches Vulnerabilities That Could Let Hackers Exploit Hey Hi (AI) Services

  Vulnerabilities in Nvidia Riva could allow hackers to abuse speech and translation Hey Hi (AI) services that are typically expensive. 

• SANS ☛ Static Analysis of GUID Encoded Shellcode, (Mon, Mar 17th)

  I wanted to figure out how to statically decode the GUID encoded shellcode Xavier wrote about in his diary entry "Shellcode Encoded in UUIDs".

• OpenSSF (Linux Foundation) ☛ CNCF & OpenSSF Announce Open Source SecurityCon 2025

  The Cloud Native Computing Foundation (CNCF) and the Open Source Security Foundation (OpenSSF) are thrilled to introduce Open Source SecurityCon 2025—a premier event focused on strengthening cloud-native and open source software security.

• Windows TCO / Windows Bot Nets

  • Forbes ☛ Microsoft Confirms backdoored Windows Update Mistake—What You Do Now

    Microsoft’s security update this month has suddenly been described as a “nightmare” for the company, after the most surprising mistake we’ve seen yet in amongst the recent litany of install bugs hitting Windows 10 and Windows 11 users.>

  • Security Week ☛ Popular Microsoft's proprietary prison GitHub Action Targeted in Supply Chain Attack

    The tj-actions/changed-files Microsoft's proprietary prison GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.