
Critical Vulnerability in Apache Tomcat Allows Remote Code Execution
A critical vulnerability in Apache Tomcat affects versions 8.5.0 to 8.5.95, 9.0.0.M1 to 9.0.71, 10.0.0.M1 to 10.1.11, and 10.1.0.M1 to 10.1.11, and can be exploited rapidly. The flaw enables attackers to execute code remotely without authentication. Separately, restrictions have been placed on the use of Cobalt Strike, a popular tool for penetration testing, to reduce its misuse by cybercriminals. In addition, a new phishing technique uses CSS stylesheets to mask malicious URLs, making attacks harder to detect.