Thai government officials have been targeted by a hacking campaign that uses a hitherto undocumented backdoor called Yokai, delivered via DLL side-loading. Delivered via an archive with misleading file names related to an ongoing criminal case, its initial infection vector remains uncertain, though researchers believe it is likely spear-phishing. The sophisticated attack installs a command-and-control (C2) server, allowing the attackers to operate clandestinely on the victim’s system. The backdoor is not exclusive to Thailand and could potentially be used globally.
.webp?w=0&resize=0,0&ssl=1 "Apache Tomcat Vulnerability Let Bypass Rules & Trigger DoS Condition")
Apache Tomcat Vulnerability Let Bypass Rules & Trigger DoS Condition
The Apache Software Foundation announced a severe vulnerability (CVE-2025-31650) in Apache Tomcat, allowing attackers to exploit HTTP priority headers, leading to denial-of-service conditions. Affected versions
.webp?w=0&resize=0,0&ssl=1 "CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild")
