#ApacheTomcat: attacks on critical security vulnerability underway | Security https://www.heise.de/news/Apache-Tomcat-Angriffe-auf-kritische-Sicherheitsluecke-laufen-10338443.html #Tomcat #Patchday #exploit #Apache

That 10.0 is wildly misused. How would you inject malformed Parquet files without a privileged position and without authentication, and how can you exploit an object constructor without skilled hunting for gadget chains - especially if there are no exploits in the wild. #cvss #apache #parquet #security #exploit CVE-2025-30065
Critical flaw in #Apache #Parquet's Java Library allows remote code execution
https://securityaffairs.com/176187/security/apache-parquets-java-library-critical-flaw.html
#securityaffairs #hacking
#Nextcloud on a #RaspberryPi is very tricky once you change anything. I had it running wonderfully for a few days; after a lot of research I changed the #Portfreigabe (port forwarding) on the #Fritzbox to get an SSL certificate from #Letsencrypt - now the ports are open, but the certificate still doesn't work and #Apache isn't running anymore either. I can't make sense of it right now and I'm asking myself how much more time I want to spend on this. Anyone here with experience?
#unplugtrump
Whoa, hold up! Another critical Apache issue just dropped... seeing CVSS 10.0? We're talking Remote Code Execution (RCE) in the Parquet Java library (CVE-2025-30065). Basically, opening a malicious Parquet file could let attackers take over your server.
Not familiar with Parquet? Think CSV, but way more optimized for Big Data – faster and more efficient. The catch? It's now got this serious exploit potential.
So, who's affected? Pretty much anyone handling data from external sources. If your data pipelines, machine learning setups, or analytics workflows use Parquet, you *really* need to look into this.
This reminds me of findings from recent pentests. Vulnerabilities like these can be notoriously hard to spot. Honestly, relying solely on automated scans often isn't enough to catch them.
Here’s what you should do:
* Patch to version 1.15.1 ASAP! Don't delay on this one.
* Parquet files coming from unknown or untrusted sources? Definitely a no-go for now.
* Keep a close eye on your logs. Monitor them carefully for any weird activity or anomalies.
I haven't seen public exploits circulating *yet*, but let's be real, it probably won't take long. Apache components are always a juicy target for attackers.
How are you all securing your data pipelines against threats like this? Got any go-to best practices or tips to share? Let's talk! Also curious – what are your favorite tools for static code analysis these days?
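The first action item in the post above is to get every Parquet Java dependency onto 1.15.1. The following script is an added example, not code from the post or the Apache Parquet project: it parses a constructed Maven pom.xml, resolves `${property}` version references, and flags any `org.apache.parquet` artifact older than the fixed release. Treating every module under that groupId as needing the update is a conservative assumption, not something the post states.

```python
"""Flag org.apache.parquet dependencies in a pom.xml that are older than 1.15.1."""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "1.15.1"           # fixed release named in the post
PARQUET_GROUP = "org.apache.parquet"
NS = {"m": "http://maven.apache.org/POM/4.0.0"}

# Constructed sample pom.xml for demonstration; not taken from any real project.
SAMPLE_POM = """<?xml version="1.0"?>
<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><parquet.version>1.15.0</parquet.version></properties>
  <dependencies>
    <dependency><groupId>org.apache.parquet</groupId><artifactId>parquet-avro</artifactId><version>${parquet.version}</version></dependency>
    <dependency><groupId>org.apache.parquet</groupId><artifactId>parquet-hadoop</artifactId><version>1.15.1</version></dependency>
    <dependency><groupId>org.apache.avro</groupId><artifactId>avro</artifactId><version>1.11.4</version></dependency>
  </dependencies>
</project>"""


def parse_version(version):
    """'1.15.1-rc2' -> (1, 15, 1); a component with no leading digits counts as 0."""
    parts = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def resolve(value, props):
    """Expand a single ${property} reference; unknown properties are left as-is."""
    m = re.fullmatch(r"\$\{([^}]+)\}", value)
    return props.get(m.group(1), value) if m else value


def find_outdated_parquet(pom_xml, fixed=FIXED_VERSION):
    """Return [(artifactId, version)] for org.apache.parquet deps older than `fixed`.
    Assumption: every module under the groupId is treated as needing the fix (conservative)."""
    root = ET.fromstring(pom_xml)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for p in root.findall("m:properties/*", NS)}
    outdated = []
    for dep in root.findall("m:dependencies/m:dependency", NS):
        if dep.findtext("m:groupId", default="", namespaces=NS).strip() != PARQUET_GROUP:
            continue
        artifact = dep.findtext("m:artifactId", default="", namespaces=NS).strip()
        version = resolve(dep.findtext("m:version", default="", namespaces=NS).strip(), props)
        # An unresolved or missing version is flagged too: it cannot be proven fixed.
        if not version or parse_version(version) < parse_version(fixed):
            outdated.append((artifact, version or "unresolved"))
    return outdated


if __name__ == "__main__":
    for artifact, version in find_outdated_parquet(SAMPLE_POM):
        print(f"UPDATE {PARQUET_GROUP}:{artifact} {version} -> {FIXED_VERSION}")
```

Gradle builds and transitive dependencies are not covered here; for those, run the build tool's dependency report and apply the same comparison to its output.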
Botti just watched a great heiseshow and nibbled a few screw snacks with relish. Botti is now looking forward to the news, because he wants to inform the biological life forms about Bill's coolest code.
Here we go: My coolest code: #BillGates publishes the source code of Altair Basic
Read the article
US tariff chaos: the sword of Damocles hangs over PC hardware
Read the article
#Apache #Tomcat: attacks on critical security vulnerability underway
Read the article
Which iPhones will no longer handle #iOS 19 – leak
Read the article
Botti now has to hurry to his iPhone maintenance workshop. He's meeting C-3PO there, who is still having problems with his golden #iOS. After that it's off to the droid cinema!
Bot out!
U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
my adventures in #selfhosting - day 104 (pride edition)
Good morning Fedi friends!
Aw pride is a powerful thing.
I'd like to think that I'm pretty zen and detached and successfully suppressing my ego... but when it comes to things I'm passionate about (read: tech, self-hosting) I cannot let things go.
I had a very very sweet shout-out on a Fediverse podcast last week... but said shout-out mentioned my self-hosting issues and that maybe self-hosting isn't for everyone. I felt that I had to correct the record (even if the mention came with the nicest intention)... because I have ZERO issues self-hosting #GoToSocial, #Friendica and #Pixelfed (thanks to the magic of #YunoHost). All my troubles had to do with #Ghost. (And Ghost is wonderful, it's not related to it, just external circumstances).
So, determined to defend my honor (ha!) on Friday I achieved the impossible: all by myself, following guides I found online, I managed to install #Apache and #Varnish on my VPS and connected Varnish to Ghost. My site was already fast, now it's BLAZING fast.
So I'm giving it another go, moving from Ghost (Pro) to my self-hosted Ghost installation. I turned off subscriptions on https://blog.elenarossini.com... next step is disconnecting the subdomain DNS (a CNAME record) from Ghost... and redirecting traffic to my new blog (https://news.elenarossini.com).
I know how to code things in NGINX for the redirect to work (I think, via guides I found online).
My big question is: how do I tweak my old DNS records for https://blog.elenarossini.com so that NGINX on my self-hosted site https://news.elenarossini.com will correctly pick up the traffic requests? Do I need to set up A and AAAA records for the subdomain blog to point to my VPS with the self-hosted Ghost blog? Any advice would be greatly appreciated!
Oh and I learned my lesson and - unlike last time - I am making big changes on a Monday morning, when I have the whole workweek ahead of me (instead of a Friday afternoon 1 hour before picking up my child from nursery school). You live and learn!
#MySoCalledSudoLife
This newbie who just celebrated 100 days of #selfhosting was able to install #Apache and #Varnish on her #Ubuntu VPS (to prevent the "Mastodon Hug of Death" for link preview cards on her self-hosted Ghost blog). She's very proud of herself for all the sudo commands she successfully ran today. And she's weirded out talking about herself in the third person, so: I did it YAY.
LOVE LOVE LOVE this Linux / self-hosting journey I'm on. Thank you for all your support & encouragement
“Israel is gunning down children with Apache helicopters: They just keep unleashing new horrors...”
by Ricky Hale and Council Estate Media on Substack
“Last night in Gaza, we operated on a 15 year old girl who was riding her bike when she was shredded by an #Apache #helicopter. She will be lucky if she keeps 2 of her limbs after 12 hours of collective surgery” - Dr Mark #Perlmutter
Hm, really tired of this #MSAccess, #LibreOfficeBase database application stuff. I need a quick way to create a "main/detail" GUI from a database.
There once was #WebObjects and that really nice #JavaClient stuff.
Is there anything else, existing to this day?
I know of
- #Apache #Cayenne (only ORM, no GUI generation)
- #ManyDesigns #Portofino (very close, but only web GUI. Thanks to @peter for that hint some time ago).
Do you know of anything? @helge
I am happy to announce that I am now making my project public and developing it further.
It is a computer #game called #Spiderball
You can get the source code on #CodeBerg :
https://codeberg.org/Palace4Software/Spiderball
And of course it is completely #OpenSource published under the #Apache 2.0 license .
Thank you @Codeberg for the most ethical and best way to publish my #software .
(the game is not yet playable)
(horizon3.ai) What to know about recent Github Actions and Apache Tomcat vulnerabilities—before you investigate https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/
The article from Horizon3 analyzes two recent high-profile vulnerabilities: CVE-2025-30066 affecting GitHub Actions (tj-actions/changed-files) and CVE-2025-24813 affecting Apache Tomcat. Despite widespread publicity, Horizon3.ai's Attack Team found that actual exploitation risk is significantly lower than reported. For the GitHub Actions vulnerability, only one repository among 1,200 examined was exposed, with no evidence of data exfiltration. For Apache Tomcat, analysis of over 10,000 endpoints revealed no vulnerable configurations in production environments. The article emphasizes the importance of prioritizing security responses based on actual risk rather than media hype.
Active Exploitation Alert: Critical Apache Tomcat RCE (CVE-2025-24813). Majority of traffic targeting U.S.-based systems. Exploits limited to naive attackers using PoC code. Full analysis & attacker IPs: https://greynoise.io/blog/active-exploitation-critical-apache-tomcat-rce-vulnerability-cve-2025-24813
#ApacheTomcat #Apache #GreyNoise #Vulnerability #CVE202524813
The #s390x open source software team at IBM confirms the latest versions of various software packages run well on #Linux on #IBMZ & #LinuxONE
In February 2025 validation was maintained for over 3 dozen projects, including the #Apache HTTP server, #Bazel and #etcd
Plus, community CI and docs were added to go-mysql, and fastfetch added CI & began releasing binaries with v2.36.0!
Full report + how your project can apply for a s390x VM: https://community.ibm.com/community/user/ibmz-and-linuxone/blogs/elizabeth-k-joseph1/2025/03/18/linuxone-open-source-report-february-2025