-
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
News headlines reported that it took just 30 hours for attackers to exploit a newly discovered vulnerability in Apache Tomcat servers. But what does this mean for workloads relying on Tomcat? Aqua Nautilus researchers discovered a new attack campaign targeting Apache Tomcat. In this blog, we shed light on newly discovered malware that targets Tomcat…
-
Cut Through Alert Noise and Fix Toxic Combinations First
Not every security alert is a threat, but the right combination can bring down your cloud native and containerized applications. Security incidents rarely happen because of a single weak point. Instead, they stem from toxic combinations. A misconfigured workload might seem harmless on its own, but add exposed credentials and an unpatched vulnerability, and attackers…
-
IngressNightmare Vulnerabilities: All You Need to Know
On March 24, 2025, several critical vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974) were disclosed in the ingress-nginx Controller for Kubernetes, collectively termed IngressNightmare. These vulnerabilities could lead to a complete cluster takeover by allowing attackers unauthorized access to all secrets stored across all namespaces in the Kubernetes cluster.
-
How the Google-Wiz acquisition redefines cloud security
Google’s acquisition of Wiz, announced last week, is a pivotal moment as it marks a strategic shift in how cyber security will evolve over the next few years. It instantly turns Google into a major player in security, adding Wiz to other building blocks Google has racked up in the past couple of years, most…
-
Supply Chain Security Risk: GitHub Action tj-actions/changed-files Compromised
On March 14th, 2025, security researchers discovered a critical software supply chain vulnerability in the widely used GitHub Action tj-actions/changed-files (CVE-2025-30066). This vulnerability allows remote attackers to expose CI/CD secrets via the action’s build logs. The issue affects users who rely on the tj-actions/changed-files action in GitHub workflows to track changed files within a pull request.…
-
Stopping Sobolan Malware with Aqua Runtime Protection
Aqua Nautilus researchers have discovered a new attack campaign targeting interactive computing environments such as Jupyter Notebooks. The attack consists of multiple stages, beginning with the download of a compressed file from a remote server. Once executed, the attacker deploys several malicious tools to exploit the server and establish persistence. This campaign poses a significant…
-
DeepSec 2025 Press Release: High threat level for IT security research. IT security is under attack from politics and hostility towards science.
Information technology is an integral part of computer science and therefore also of mathematics. Since 2007, the DeepSec conference in Vienna has brought together international researchers to discuss current threats, publish acute vulnerabilities and exchange knowledge on the defence of critical infrastructure. The increasing hostility towards science and the dismantling of US authorities that contribute…
-
DeepSec/DeepINTEL Conference Tickets available!
Easter is the traditional time for us to dust off the ticket shop and configure the next version. It is a bit more than just increasing the year and checking the dates because we need to check with the hotel venue and make sure that the tickets stay stable until November. You can take advantage…
-
DeepSec and DeepINTEL 2025 – Call for Papers!
We have been running silent since December. The reasons were behind-the-scenes updates, post-processing the past DeepSec conference, recharging our batteries, and adapting to the new situation in IT security influenced by geopolitics. Following the news since 20 January took a lot of head-shaking and wondering what the rest of 2025 will look like. This is where…
-
Lantronix Device Installer
1. EXECUTIVE SUMMARY: CVSS v4 6.9. ATTENTION: Low attack complexity. Vendor: Lantronix. Equipment: Device Installer. Vulnerability: Improper Restriction of XML External Entity Reference. 2. RISK EVALUATION: Successful exploitation of this vulnerability could allow an attacker to gain access to the host machine running the Device Installer software. 3. TECHNICAL DETAILS: 3.1 AFFECTED PRODUCTS…