Critical CVE-2025-24859 Vulnerability in Apache Roller (CVSS 10.0) Allows Continued Access Even After Password Changes

142/68 Thursday, April 17, 2025

A critical security vulnerability, CVE-2025-24859, has been disclosed in Apache Roller, a popular Java-based open-source blogging server. The flaw, which affects versions ≤6.1.4, has been assigned the maximum CVSS score of 10.0, indicating its severity. The vulnerability stems from unsafe session management, allowing authenticated sessions to remain active even after […]

ThaiCERT

April 17, 2025

Alert! Fake File Conversion Site Mimics PDFCandy to Distribute Stealer Malware

141/68 Thursday, April 17, 2025

Cybersecurity researchers at CloudSEK have uncovered a sophisticated malware campaign involving a fake version of the legitimate site PDFCandy[.]com, designed to trick users into downloading ArechClient2, an info-stealing malware from the SectopRAT family active since 2019. The campaign relies on malicious Google Ads and fake software update prompts to distribute […]

ThaiCERT

April 17, 2025