
CVE-2025-24813 - Apache Tomcat Vulnerability Under Active Exploitation

On March 17th, 2025, security researchers confirmed active exploitation of Apache Tomcat’s recently disclosed vulnerability, CVE-2025-24813. The vulnerability was publicly disclosed on March 10th, and the earliest signs of exploitation were observed on March 12th, with attackers leveraging the flaw just 30 hours after disclosure. This vulnerability enables Remote Code Execution (RCE) and information disclosure by exploiting Tomcat’s request-handling mechanism.

Key Questions to Ask Your WAF Provider Before Choosing a Solution

Choosing the right WAF solution is not just about ticking a checkbox—it’s about ensuring real-time security, threat intelligence, and seamless operations. A poorly chosen WAF can lead to downtime, false positives, compliance gaps, and missed zero-day threats. So, before you commit to a WAF provider, ask these critical questions to ensure your web applications and APIs are protected against evolving cyber threats.

How AppTrana WAAP Supports PCI DSS v4.0.1 Compliance

PCI DSS (Payment Card Industry Data Security Standard) v4.0.1 is designed to protect cardholder data and secure payment environments. Compliance with PCI DSS is critical for any organization that stores, processes, or transmits payment card information. The framework helps prevent fraud, data breaches, and financial losses associated with cyber threats targeting payment systems.

Indusface Achieves PCI DSS v4.0.1 Certification

We are excited to announce that Indusface has successfully achieved PCI DSS v4.0.1 certification as a service provider, reinforcing our commitment to industry-leading security and compliance. This milestone underscores our dedication to protecting sensitive cardholder data and helping businesses navigate evolving security regulations.

CVE-2024-4577 - PHP-CGI RCE Exploitation in Windows Servers

A newly identified cyber campaign has been actively targeting organizations across multiple sectors in Japan since January 2025. Threat actors of unknown origin have been exploiting CVE-2024-4577, a critical remote code execution (RCE) vulnerability in the PHP-CGI implementation of PHP on Windows, to gain unauthorized access to victim systems. This campaign has primarily impacted Japan’s technology, telecommunications, and e-commerce industries.

NIST Cybersecurity Framework (CSF) 2.0: A Complete Guide

The NIST Cybersecurity Framework (CSF) 2.0 is a voluntary framework developed by the National Institute of Standards and Technology (NIST) to help organizations manage and reduce cybersecurity risks. Initially released in 2014, CSF was primarily intended for critical infrastructure sectors. However, CSF 2.0 (2024) expands its scope to include organizations of all sizes and sectors, including small businesses, nonprofits, and large corporations.

Achieve NIST SP 800-171 r2 Compliance with AppTrana WAAP

Organizations handling Controlled Unclassified Information (CUI) need to comply with NIST SP 800-171 Revision 3, a set of cybersecurity requirements developed by the National Institute of Standards and Technology (NIST). These guidelines apply to non-federal organizations, including private companies, defense contractors, and businesses in regulated industries, that process, store, or transmit CUI.

Ensure NIST SP 800-53 r5 Compliance with AppTrana WAAP

NIST Special Publication 800-53 revision 5 provides a comprehensive set of security and privacy controls to help organizations manage risk effectively. These controls are widely adopted by federal agencies and private organizations to enhance cybersecurity resilience. Compliance with NIST SP 800-53 r5 helps organizations strengthen their security posture, mitigate cyber threats, and ensure regulatory compliance.