CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these flaws are being actively exploited, CISA has not shared specific details about the attacks or the perpetrators. CVE-2023-20118 allows attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, …
Read More »
MediaTek has released its March 2025 Product Security Bulletin, which highlights new security vulnerabilities affecting various chipsets in smartphones, tablets, AIoT devices, smart displays, OTT hardware, computer vision platforms, audio systems, and smart TVs. The bulletin reports 10 vulnerabilities, three of which are high severity. The high-severity ones could enable …
Read More »
Qualcomm’s March 2025 Security Bulletin addresses vulnerabilities in its products, including automotive systems, mobile chipsets, and networking devices. It includes fixes for critical issues like memory corruption and input validation flaws. Critical vulnerabilities have been identified in automotive systems, particularly affecting the QNX operating system (CVE-2024-53012, CVE-2024-53022, CVE-2024-53029, CVE-2024-53030, CVE-2024-53031, …
Read More »
On Sunday, Poland Minister for Digitalisation Krzysztof Gawkowski said that Polish cybersecurity services found unauthorized access to the IT infrastructure of the Polish Space Agency (POLSA). “In connection with the incident, the systems under attack were secured … Intensive operational activities are also underway to identify who is behind the …
Read More »
Security researchers found that datasets used by companies to develop large language models included API keys, passwords, and other sensitive credentials. Large language models are dominating the online landscape, with companies promoting AI solutions that claim to solve all problems. For an AI to be effective, it needs extensive training …
Read More »
Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where officials used a zero-day exploit from Cellebrite to unlock a student activist’s Android phone. On December 25, 2024, an attack used flaws in Linux kernel USB drivers to bypass the lock screen on a Samsung Galaxy A32. Forensic analysis …
Read More »
DragonForce ransomware targets organizations in Saudi Arabia. An attack on a major Riyadh real estate and construction firm led to the theft of more than 6TB of sensitive data. Resecurity’s new advisory reports that threat actors announced a breach on February 14, 2025, demanding ransom before releasing stolen information. The …
Read More »
Microsoft has filed an amended complaint in recent civil litigation, naming the main developers of malicious tools that bypass the safeguards of generative AI services, including its Azure OpenAI Service. The legal action aims to stop their actions, dismantle their illegal operation, and deter others from misusing AI technology. The …
Read More »
At the Global Investors Summit 2025, Union Minister Ashwini Vaishnaw announced that India’s first indigenous semiconductor chip will be ready for production by 2025, showcasing the significant growth of Madhya Pradesh’s electronics manufacturing sector. Minister Vaishnaw congratulated the HLBS family on their new plant’s inauguration, which coincided with Mahashivratri. He …
Read More »
Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash the devices, leading to a denial of service (DoS). Cisco reports that a vulnerability exists due to improper handling of certain Ethernet frames. An attacker can exploit this by repeatedly …
Read More »
InfoSecBulletin Cybersecurity for mankind
