CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360, ...

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...

Because user input is not sufficiently sanitized, attackers could exploit the flaw to define external entities within an XML request. The US cybersecurity agency CISA on Thursday warned that threat ...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based ...

The US cybersecurity agency CISA has shared details on the exploitation of a year-old GeoServer vulnerability to compromise a federal civilian executive branch (FCEB) agency. The exploited bug, ...

The Cybersecurity and Infrastructure Security Agency (CISA) this week disclosed that threat actors breached a federal agency last year by exploiting a critical vulnerability in the open source ...

Attackers exploited a critical GeoServer flaw to breach a US federal agency in July 2024 China Chopper web shell enabled remote access and lateral movement across compromised systems CISA urges timely ...

A China-linked cyber-espionage group has attacked Taiwanese government agencies, the Philippine and Japanese military, and energy companies in Vietnam, installing either the Cobalt Strike client or a ...

A suspected advanced persistent threat (APT) originating from China targeted a government organization in Taiwan, and possibly other countries in the Asia-Pacific (APAC) region, by exploiting a ...

The US Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal government agencies to patch a critical vulnerability in a popular open source server that’s being actively exploited ...

CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. GeoServer is an open-source server that allows users to ...

The preferred way (but using the most bandwidth for the initial image) is to get our docker-trusted build like this: To build using a specific tagged release of the tomcat image set the IMAGE_VERSION ...