Wednesday, May 14 2025

infosecbulletin

CVSS 10.0 Flaw
Critical Flaws in Siemens OZW Web Servers Enable Unauthenticated RCE

Siemens issued a security advisory (SSA-047424) for two serious vulnerabilities—CVE-2025-26389 and CVE-2025-26390—impacting the OZW672 and OZW772 web servers. These servers are commonly used for remote monitoring and controlling building systems like heating and air conditioning. Both vulnerabilities can be exploited without authentication, potentially compromising the entire system. “OZW672 and OZW772 …

Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day

Microsoft has released its Patch Tuesday updates for May 2025, addressing a total of 78 vulnerabilities across its product ecosystem, with five identified as actively exploited zero-day flaws. The updates cover a wide range of software, including Windows, Microsoft Office, Azure, Visual Studio, and more, urging users and administrators to …

OTP glitch disrupted NID services across the country

NID services in Bangladesh are temporarily suspended due to issues with delivering One-Time Passwords (OTP) needed to access the NID server. Institutions using NID services are operating normally, but Election Commission (EC) officials cannot provide services at this time. ASM Humayun Kabir, director general of the Election Commission’s National Identity …

YouTube geo-blocks at least 4 Bangladeshi TV channels in India

YouTube has restricted access to at least four Bangladeshi television channels in India following a takedown request from the Indian government, citing concerns related to national security and public order. The affected channels, Jamuna TV, Ekattor TV, BanglaVision, and Mohona TV, are no longer accessible to viewers in India. When accessed …

Microsoft Patches Four Critical Azure and Power Apps Vulns

Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power Apps. While these flaws haven’t been publicly disclosed or exploited, they highlight the need for proactive security measures in cloud-native development. CVE-2025-29813 (CVSS 10.0): Azure DevOps Pipeline Token Hijack: A …

Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed

From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors, with 406 incidents publicly reported as ransomware attacks, accounting for seven percent of all ransomware incidents during that time. Why Finance? The financial sector consistently ranks as one of the …
