Welcome back to VulnVerse! This is our 27th weekly dispatch, packed with the latest vulnerabilities, exploits, and cyber threats. Let's get to it.

Content:

• Vulnerabilities and Exploits 🔥: 19

• Malware and Ransomware 🐛: 10

• Software and System Issues ⚙️: 1

• Cloud ☁️: 1

• Cybersecurity Measures and Recommendations 🔒️: 6

• Advanced Persistent Threats (APT) 🕵️: 6

Vulnerabilities and Exploits 🔥

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild

Tomcat's got a hole, CVE-2025-24813. One PUT and boom, root. Exploits are live. If you're running Tomcat, patch. Now.

Three VMware Zero-Days Under Active Exploitation – What You Need to Know

VMware's bleeding. Zero-days, actively exploited. Patch, or get owned. Seriously. If you're on VMware, you're a target.

CVE-2024-28989: Weak Encryption Key Management in Solar Winds Web Help Desk

SolarWinds, still taking hits. Weak crypto key management, critical vulnerability. Exploit details, damage potential. Patch, or data's wide open.

Laravel Reflected XSS via Request Parameter in Debug-Mode Error Page

Laravel's debug mode? XSS party. Exploit details, damage potential. Patch, and kill debug mode in prod.

akamai/CVE-2025-27636-Apache-Camel-PoC

Apache Camel, new CVE PoC. Exploit demonstrated. Review and patch, or get rekt.

Moxa Industrial Ethernet Switches Vulnerability Let Attackers Gain Admin Access

Moxa switches, critical hole. Admin access, easy. Risks and damage potential? High. Patch, or you're toast.

WordPress Plugin with Local File Inclusion

WooCommerce plugin, Husky Products Filter Professional, LFI. Unauthenticated. Exploit details, damage potential. Update the plugin, or your site gets owned.

CVE-2025-27363

Facebook advisory, CVE-2025-27363. Vulnerability details, impact potential. Review, patch, or face the consequences.

Cisco IOS XR Software Border Gateway Protocol Confederation Denial of Service Vulnerability

Cisco IOS XR, BGP DoS. Exploit details, impact potential. If you're on IOS XR, patch, or go down.

CVE-2025-0114 PAN-OS: Denial of Service (DoS) in GlobalProtect

CVE-2025-0116 PAN-OS: Firewall Denial of Service (DoS) Using a Specially Crafted LLDP Frame

CVE-2025-0115 PAN-OS: Authenticated Admin File Read Vulnerability in PAN-OS CLI

CVE-2025-0117 GlobalProtect App: Local Privilege Escalation (PE) Vulnerability

Palo Alto Networks, four new holes. Vulnerability details, impact potential.

Unmasking the new persistent attacks on Japan

Japan's under siege. Persistent attacks, stealthy tactics. Increased vigilance is a must. If you're in Japan, you're in the crosshairs.

Impossible XXE in PHP

XXE, made "impossible," still exploitable. Security bypass tricks. Learn them, or get owned.

Sign in as anyone: Bypassing SAML SSO authentication with parser differentials

SAML SSO bypass, sign in as anyone. Parser differentials, subtle exploits. Exploit details, damage potential. If you're on SAML, pay attention.