Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

CVE-2025-24859 is a critical security vulnerability in Apache Roller, a Java-based web application used for blogging and content management, that allows unauthorized session reuse due to insufficient session expiration after a user’s password is changed. Notably, the application fails to invalidate active user sessions upon password modification, irrespective of whether the change is initiated by the user or an administrative entity.

CrowdStrike Falcon Cloud Security now delivers real-time detections for AWS IAM Identity Center, helping organizations detect and respond to identity-driven cloud threats before they escalate. A few months ago, we released CrowdStrike Falcon Identity Protection support for AWS IAM Identity Center to help organizations detect and stop identity-based attacks before they could reach the cloud control plane.

Read also: A phishing gang used malware to alter property records, a scammer faces 20 years in prison for remote access fraud, and more.

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! We all know about Let’s Encrypt transition to reduced cert lifespan, but now for main stream…

Linux servers have become widely adopted across organizations of all sizes. However, the frustrations of integrating these servers have left organizations struggling to implement strong security procedures, which cyberattacks have exploited for years. For instance, the “perfctl” malware family has been targeting Linux servers and attempting to escalate privileges for over three years.

We are thrilled to announce the general availability of the Tanium Integrations Gallery for Tanium Cloud. This new capability enables users to seamlessly discover, deploy, and manage joint solutions and integrations within the Tanium platform, all without requiring deep technical expertise.

Top tips is a weekly column where we highlight what’s trending in the tech world and list ways to explore these trends. This week, we will explore ways to increase endpoint security in your organization.

Generative AI has gone from a novelty to an essential part of daily workflows across all teams at an organization. Whether it’s ChatGPT, Microsoft Copilot, Claude, or Google Gemini, employees are using chatbots to copy, paste, summarize, and query data at a pace and scale we have never seen before. Unfortunately, data security has not been a fundamental feature of generative AI as the technology’s popularity and functionality has exploded.

In 2024, Cyjax observed the emergence of 72 extortion and ransomware group data-leak sites (DLSs). As of mid-April 2025, Cyjax has identified DLSs for 27 new groups this year, as noted in recent blogs on Morpheus, GD LockerSec, Babuk2, Linkc, Anubis, Arkana, Frag, and RALord.

Brian Moynihan recently remarked, “It’s pretty clear there’s going to be a stablecoin… So if they make that legal, we’ll go into that business …it’s just then like another foreign currency.” While the comments from the CEO of Bank of America capture one bank use case for stablecoins, these digital assets have much more to offer banks than that.