CSOonline

CISA orders immediate patching as GeoServer flaw faces active exploitation

CISA is sounding the alarm over a critical vulnerability in GeoServer that is being actively exploited in the wild, ordering federal agencies to patch immediately. The flaw, tracked as CVE-2025-58360, ...
Bleeping Computer

CISA orders feds to patch actively exploited Geoserver flaw

CISA has ordered U.S. federal agencies to patch a critical GeoServer vulnerability now actively exploited in XML External Entity (XXE) injection attacks. In such attacks, an XML input containing a ...
The Hacker News

CISA Flags Actively Exploited GeoServer XXE Flaw in Updated KEV Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting OSGeo GeoServer to its Known Exploited Vulnerabilities (KEV) catalog, based ...
Dark Reading

CISA: Attackers Breach Federal Agency via Critical GeoServer Flaw

The Cybersecurity and Infrastructure Security Agency (CISA) this week disclosed that threat actors breached a federal agency last year by exploiting a critical vulnerability in the open source ...
TechRadar

US federal agency breached by hackers using GeoServer exploit, CISA says

Attackers exploited a critical GeoServer flaw to breach a US federal agency in July 2024 China Chopper web shell enabled remote access and lateral movement across compromised systems CISA urges timely ...
Infosecurity-magazine.com

Federal Agency Compromised Via GeoServer Exploit, CISA Reveals

A federal agency was compromised last year after failures in vulnerability remediation, incident response and EDR log reviews, according to the US Cybersecurity and Infrastructure Security Agency ...
thecyberexpress

CISA Says Failure to Patch, Untested IRP, Silent EDR Alerts, Led to a Federal Agency Breach

CISA this week offered a rare window into a real-world breach at a U.S. federal civilian agency. Delays in patching, unexercised incident response plans, and inadequate monitoring of EDR alerts were ...
Hosted on MSN

AfriGIS recognised as core contributor to GeoServer

Peter Smythe, Senior Systems Analyst at AfriGIS. AfriGIS has been recognised as one of the core contributors to the GeoServer Open-Source project, marking a milestone for the company and the African ...
The Hacker News

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Cybersecurity researchers are calling attention to multiple campaigns that are taking advantage of known security vulnerabilities and exposed Redis servers to various malicious activities, including ...
GitHub

GeoServer 3

The following updates are required for spring-framework-6, each update requiring several others to occur at the same time. This activity is targeted for the bulk of the work, doing everything possible ...
CSOonline

Androxgh0st botnet integrates Mozi payloads to target IoT devices

The malware has added exploits for more web applications and devices to its arsenal and some of them seem to be inherited from an older botnet called Mozi. Androxgh0st, a botnet known to steal cloud ...