Tuesday , June 23 2026
Geoserver

Alert: CISA orders feds to patch actively exploited Geoserver flaw urgently

infosecbulletin Friday , December 12 2025 Alert, Vulnerabilities

CISA has ordered U.S. federal agencies to fix a serious GeoServer vulnerability that is currently being exploited in XML External Entity (XXE) injection attacks.

CISA reported a security flaw (CVE-2025-58360) on Thursday, an unauthenticated XML External Entity (XXE) vulnerability in GeoServer 2.26.1 and earlier versions. This open-source server for geospatial data can be exploited to access sensitive files from affected servers.

New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

By infosecbulletin / Tuesday , June 23 2026
Researchers at cybersecurity firm Paradigm Shift found a new flaw called usbliter8. This flaw can get around main boot protections...
Read More
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide

India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record

By infosecbulletin / Tuesday , June 23 2026
A cyber attack seems to have affected one of India's top electronics companies. Tata Electronics has said there was a...
Read More
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record

Anthropic’s Mythos reportedly broke NSA classified systems in hours

By infosecbulletin / Monday , June 22 2026
The recent finding shows how powerful Mythos is: the AI can access the US government's secret networks in just a...
Read More
Anthropic’s Mythos reportedly broke NSA classified systems in hours

OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment

By infosecbulletin / Monday , June 22 2026
Test before going live is important for AI developers. But there's a problem: testing usually uses fake scenarios that often...
Read More
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment

AryStinger botnet infected thousands of D-Link routers globally

By infosecbulletin / Sunday , June 21 2026
AryStinger has taken control of over 4,000 old D-Link routers to use them as proxies for harmful traffic. The team...
Read More
AryStinger botnet infected thousands of D-Link routers globally

Hacker suspected of sending alerts across Brazil

By infosecbulletin / Sunday , June 21 2026
Brazil's government suspects a hacking attack triggered an unauthorized ‌alert sent to cell phones across parts of the country early...
Read More
Hacker suspected of sending alerts across Brazil

CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT

By infosecbulletin / Sunday , June 21 2026
A new open-source cybersecurity tool named CyberSentinel AI v3.0 has come out. It is an important step in self-operated security...
Read More
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT

Barracuda hosts Dhaka roundtable on cyber resilience

By infosecbulletin / Saturday , June 20 2026
Barracuda gathered industry people in Dhaka on 18 June 2026 for a roundtable talk about cyber resilience. The company shared...
Read More
Barracuda hosts Dhaka roundtable on cyber resilience

CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices

By infosecbulletin / Saturday , June 20 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) asked Fortinet users with FortiGate devices on Thursday to act to protect...
Read More
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices

CISA: Splunk flaw under active exploit, patch by Sunday

By infosecbulletin / Saturday , June 20 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has asked federal agencies to protect their systems by Sunday from a...
Read More
CISA: Splunk flaw under active exploit, patch by Sunday

“An XML External Entity (XXE) vulnerability was identified affecting GeoServer 2.26.1 and prior versions. The application accepts XML input through a specific endpoint /geoserver/wms operation GetMap,” a GeoServer advisory explains.

“However, this input is not sufficiently sanitized or restricted, allowing an attacker to define external entities within the XML request.”

The Shadowserver group now monitors 2,451 IP addresses with GeoServer fingerprints, while Shodan reports over 14,000 instances exposed online.

CISA has listed CVE-2025-58360 in its Known Exploited Vulnerabilities Catalog, indicating it’s actively exploited. FCEB agencies must patch servers by January 1, 2026, as per Binding Operational Directive 22-01 from November 2021.

BOD 22-01 is targeted at federal agencies, but the U.S. cybersecurity agency recommended that all network defenders quickly patch this vulnerability.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”

Check Also

F5

F5 Patches NGINX Flaw for Code Execution and DoS Attacks

F5 has shared a security warning about serious flaws in NGINX. These issues could let …

Mail: [email protected]
© Copyright 2026, All Rights Reserved InfoSecBulletin