In the Spotlight This WeekThis week saw more critical patches & advisories than usual:
Apache Tomcat patched a remote code execution vulnerability.
Several Wordpress plugins appear to be under attack from a single threat actor.
Oracle published the April edition of their quarterly Critical Patch Advisory with 297 new security fixes.
Confluence posted a Critical Advisory for Confluence Server or Data Center.
Cisco also posted a Critical Advisory for their ASR 900 Series Aggregation Services Routers running CIsco IOS XR 64-bit.
Drupal published a pair of critical advisories: SA-CORE-2019-005 and SA-CORE-2019-006
And Kaspersky Labs identified a new Zero-day Vulnerability in win32k.sys