InfoSecBulletin Cybersecurity for mankind
More than 28,000 unpatched Microsoft Exchange servers are publicly accessible and vulnerable to the critical security flaw CVE-2025-53786, as reported by The Shadowserver Foundation on August 7, 2025.
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
CISA: Splunk flaw under active exploit, patch by Sunday
Texas data breach exposes 3 million driver’s licenses
CISA’s Emergency Directive 25-02 on August 7 requires federal agencies to fix a critical vulnerability in Microsoft Exchange hybrid setups by 9:00 AM ET on August 11.
Vulnerability scans show that the US, Germany, and Russia have the most exposed vulnerable servers. These findings come as Microsoft and CISA warn of “significant, unacceptable risk” to organizations operating Exchange hybrid configurations that have not implemented the April 2025 security guidance.
The vulnerability originated on April 18, 2025, when Microsoft announced security changes for Exchange Server Hybrid Deployments along with a non-security hotfix.
The company recommends installing the April 2025 hotfix or later and making configuration changes in Exchange Server hybrid environments.
Security researcher Dirk-Jan Mollema from Outsider Security revealed a vulnerability at Black Hat USA 2025, showing how attackers can create forged authentication tokens that are valid for 24 hours, bypassing access policies.
Microsoft has labeled the vulnerability as “Exploitation More Likely” despite no confirmed active exploitation as of the disclosure date.
CISA Acting Director Madhu Gottumukkala highlighted the urgent need to address a vulnerability that poses a serious risk to crucial federal systems.
Organizations should apply the April 2025 Exchange Server hotfix updates, set up dedicated Exchange hybrid applications, and remove old service principal credentials.
