Threat Post

PoC Exploit Targeting Apache Struts Surfaces on GitHub

Researchers have discovered freely available PoC code and exploit that can be used to attack unpatched security holes in Apache Struts 2. Proof-of-concept exploit code surfaced on GitHub on Friday, ...
Threat Post

Apache Tomcat Exploit Poised to Pounce, Stealing Files

Researchers said that a working exploit for CVE-2020-1938 leaked on GitHub makes is a snap to compromise webservers. A vulnerability in the popular Apache Tomcat web server is ripe for active attack, ...
Dark Reading

Apache Tomcat RCE Vulnerability Under Fire With 2-Step Exploit

A vulnerability found in Apache Tomcat, tracked as CVE-2025-24813, is being actively exploited in the wild. The remote code execution (RCE) bug allows attackers to take over servers using a PUT API ...
Bleeping Computer

WebRAT malware spread via fake vulnerability exploits on GitHub

The WebRAT malware is now being distributed through GitHub repositories that claim to host proof-of-concept exploits for recently disclosed vulnerabilities. Previously spread through pirated software ...
CSOonline

Attackers set up rogue GitHub repos with malware posing as zero-day exploits

In an unusual attack campaign, a hacker has been setting up rogue GitHub repositories that claim to host zero-day exploits for popular applications but which instead deliver malware. The attacker also ...
Ars Technica

Critics fume after Github removes exploit code for Exchange vulnerabilities

Github has ignited a firestorm after the Microsoft-owned code-sharing repository removed a proof-of-concept exploit for critical vulnerabilities in Microsoft Exchange that have led to as many as ...