Siemens issued a security advisory (SSA-047424) for two serious vulnerabilities—CVE-2025-26389 and CVE-2025-26390—impacting the OZW672 and OZW772 web servers. These servers are commonly used for remote monitoring and controlling building systems like heating and air conditioning. Both vulnerabilities can be exploited without authentication, potentially compromising the entire system. “OZW672 and OZW772 …

Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws. The updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to …

NID services in Bangladesh are temporarily suspended due to issues with delivering One-Time Passwords (OTP) needed to access the NID server. Institutions using NID services are operating normally, but Election Commission (EC) officials cannot provide services at this time. ASM Humayun Kabir, director general of the Election Commission’s National Identity …

Google will pay about $1.4 billion to Texas to settle two lawsuits regarding location tracking and biometric data storage without consent. This $1.375 billion settlement is much larger than previous fines for similar practices: $391 million in 2022 to 40 states, $29.5 million in early 2023 to Indiana and Washington, …

YouTube has restricted access to at least four Bangladeshi television channels in India following a takedown request from the Indian government, citing concerns related to national security and public order. The affected channels: Jamuna TV, Ekattor TV, BanglaVision, and Mohona TV—are no longer accessible to viewers in India. When accessed …

Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power Apps. While these flaws haven’t been publicly disclosed or exploited, they highlight the need for proactive security measures in cloud-native development. CVE-2025-29813 (CVSS 10.0): Azure DevOps Pipeline Token Hijack: A …

The cyber threat landscape is rapidly changing, with a notable increase in ransomware activity in April 2025, driven by the Qilin ransomware group. They exploited the NETXLOADER malware loader and SmokeLoader, causing 45 confirmed data breaches in a matter of weeks, surpassing major rivals like Akira, Play, and Lynx. What …

SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code execution. The vulnerabilities are listed below: CVE-2025-32819 (CVSS score: 8.8) : A vulnerability in SMA100 lets an authenticated remote attacker with SSL-VPN user access bypass checks and delete any file, …

From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors, with 406 incidents publicly reported as ransomware attacks, accounting for seven percent of all ransomware incidents during that time. Why Finance? The financial sector consistently ranks as one of the …

Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs). This vulnerability, known as CVE-2025-20188, has a CVSS score of 10, indicating the highest security flaw. The advisory highlights a vulnerability in the Out-of-Band Access Point (AP) Image Download feature …