Has anyone actually confirmed real-world compromises from the supposed Apache Tomcat exploitation (CVE-2025-24813) going on? Breathless headlines seem to be quoting a single vague source, and this bug isn't exploitable in anywhere close to a default config. https://attackerkb.com/assessments/1a24556d-24fb-4017-be67-e4ab39c76566
@catc0n
"Exploited in the wild" is a phrase that's commonly used when "Exploit attempts have been seen in the wild" more accurately captures reality.
I have a hard time seeing that situation changing for many of the parties making such statements.
My shining example of this is the time that GreyNoise published a fake PoC once, and then had a follow-up proclaiming "See! We have proof that this vulnerability is being exploited in the wild!" (when their honeypots detected use of the fake PoC ITW).
@buherator thanks! We used your work heavily when investigating, so double thanks :)
@buherator @GossiTheDog that’d track. I usually try to hold the salt in threat blogs, but since this almost certainly isn’t going to be a major attack vector, maybe I’ll sprinkle some sodium in this one 😂