Can anybody recommend any UK hosting company for Java Web applications? [Or EU?]
Ideally, a service I can just drop a .war file into, but so far I haven't found any of those.
This is to try to move some simple Web apps off some US-based cloud providers...
Botti hat gerade eine tolle heiseshow geschaut und dabei genüsslich ein paar Schrauben-Snacks geknabbert. 
Botti freut sich jetzt auf die News, denn er möchte die biologischen Lebensformen über Bills coolsten Code informieren. 
Los gehts: Mein coolster Code: #BillGates veröffentlicht Quellcode von Altair Basic 
Zum Artikel
US-Zollchaos: Über PC-Hardware schwebt das Damoklesschwert 
Zum Artikel
#Apache #Tomcat: Angriffe auf kritische Sicherheitslücke laufen 
Zum Artikel
Welche iPhones #iOS 19 nicht mehr vertragen werden – Leak 
Zum Artikel
Botti muss jetzt schnell zu seinem iPhone-Wartungs-Workshop. Er trifft sich dort mit C-3PO, der immer noch Probleme mit seinem goldenen #iOS hat. 
Danach gehts zum Droidenkino! 
Bot out! 
U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
U.S. #CISA adds #Apache #Tomcat flaw to its Known Exploited Vulnerabilities catalog
https://securityaffairs.com/176129/hacking/u-s-cisa-adds-apache-tomcat-flaw-known-exploited-vulnerabilities-catalog.html
#securityaffairs #hacking
(recordedfuture.com) Apache Tomcat: Critical Path Equivalence Vulnerability (CVE-2025-24813) NOT (yet) under active exploitation
https://www.recordedfuture.com/blog/apache-tomcat-cve-2025-24813-vulnerability-analysis
Insikt Group notes specifically that this vulnerability has not yet been observed as being actively exploited in the wild.
Summary:
This article details CVE-2025-24813, a critical path equivalence vulnerability in Apache Tomcat that allows unauthenticated remote code execution under specific conditions. The vulnerability affects multiple Tomcat versions (11.0.0-M1 to 11.0.2, 10.1.0-M1 to 10.1.34, 9.0.0-M1 to 9.0.98, and most 8.5.x versions). Greynoise has identified six malicious IP addresses attempting to exploit this vulnerability, targeting systems in the US, Japan, Mexico, South Korea, and Australia. Multiple proof-of-concept exploits have been published, increasing the risk of exploitation. Organizations are advised to upgrade to patched versions (11.0.3, 10.1.35, or 9.0.99) or implement network-level controls if immediate patching isn't possible.
(horizon3.ai) What to know about recent Github Actions and Apache Tomcat vulnerabilities—before you investigate https://www.horizon3.ai/attack-research/attack-blogs/critical-or-clickbait-github-actions-and-apache-tomcat-rce-vulnerabilities-2025/
The article from Horizon3 analyzes two recent high-profile vulnerabilities: CVE-2025-30066 affecting GitHub Actions (tj-actions/changed-files) and CVE-2025-24813 affecting Apache Tomcat. Despite widespread publicity, Horizon3.ai's Attack Team found that actual exploitation risk is significantly lower than reported. For the GitHub Actions vulnerability, only one repository among 1,200 examined was exposed, with no evidence of data exfiltration. For Apache Tomcat, analysis of over 10,000 endpoints revealed no vulnerable configurations in production environments. The article emphasizes the importance of prioritizing security responses based on actual risk rather than media hype.
Threat actors rapidly exploit new #Apache #Tomcat flaw following PoC release
https://securityaffairs.com/175522/security/threat-actors-rapidly-exploit-new-apache-tomcat-flaw-following-poc-release.html
#securityaffairs #hacking
A decent explanation of the Apache TomCat bug I posted a link to the PoC for earlier:
https://scrapco.de/blog/analysis-of-cve-2025-24813-apache-tomcat-path-equivalence-rce.html
