Background: Microsoft Advisories On July 8, 2025, as part of its July Patch Tuesday rollout, Microsoft issued two CVEs’ CVE-2025-49704 and CVE-2025-49706 that affected SharePoint 2016, SharePoint 2019, and the Subscription Version of SharePoint which is designed to be evergreen meaning it receives continuous updates rather than requiring upgrades every few years. Microsoft also issued […]
Apache Advisories: On March 10th, 2025, Apache issued an advisory for CVE-2025-24813 that affected the Apache Tomcat server, which has been reportedly deployed on over 387,000 instances worldwide. This vulnerability affects versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0-M1 through 9.0.98. The Apache advisory argues that the RCE vulnerability involves using a non-default configuration. […]
Vulnerability Disclosure: On December 3, Meta (React Team) and Vercel (Node.js) publicly announced the React2Shell vulnerability (CVE-2025-55182) following a private disclosure on November 29, 2025, by security researcher Lachlan Davidson. A massive wave of scans and attacks followed the public disclosure. Because the vulnerability enables unauthenticated remote code execution (RCE) and attackers actively exploited it, […]