RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions like UCLA and TU Delft. Recorded Futureʼs Insikt Group identified the campaign targeted universities in various countries like Argentina, Indonesia, Malaysia, Mexico, the Netherlands, Thailand, the United States, and Vietnam. …

Xploit_Cr3w and Blind_Virus are the two champion teams categorically for BCS ICT Fest 2025 arranged jointly by BCS and BUET. After a hard competition among several teams they show their professionalism in the field respectively. The authority declared other teams name also who have demonstrated outstanding skills and determination at …

Between December 2024 and January 2025, Recorded Future’s Insikt Group discovered a campaign targeting unpatched Cisco devices used by major telecommunications providers. Victims included a US affiliate of a major UK telecom and a South African telecom. Insikt Group links this activity to the Chinese state-sponsored group RedMike, also known …

On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about serious vulnerabilities in Industrial Control Systems (ICS) and medical devices. These disclosures aim to tackle increasing cyber threats to critical infrastructure and operational technology (OT). The advisories cover vulnerabilities in products from various manufacturers, including …

The new Astaroth Phishing Kit can bypass two-factor authentication to steal login credentials for Gmail, Yahoo, and Microsoft. It uses a reverse proxy, captures credentials in real-time, and hijacks sessions. The new phishing kit called Astaroth has been found on cybercrime networks by SlashNext threat researchers. Astaroth can bypass two-factor …

A sophisticated malware campaign is targeting military and government entities in Bangladesh. It uses social engineering to deliver malicious files disguised as official documents, aiming to infiltrate secure networks, steal credentials, and access sensitive systems. The attack starts with a WhatsApp message that forwards a file (like 508.rar) pretending to …

CrowdStrike has issued a security advisory for a serious TLS vulnerability, CVE-2025-1146, in its Falcon Sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. This vulnerability could enable man-in-the-middle (MiTM) attacks. CrowdStrike secures communications from the Falcon sensor to its cloud using standard TLS. However, a validation error …

Palo Alto Networks has issued advisories for two critical vulnerabilities in its PAN-OS. The vulnerabilities, CVE-2025-0108 and CVE-2025-0110, may enable attackers to bypass authentication and run arbitrary commands. CVE-2025-0108: Authentication Bypass Vulnerability A vulnerability in the PAN-OS management web interface (CVSSv3.1 score 7.8) allows unauthenticated attackers with network access to …

Ivanti has released security updates for Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Secure Access Client (ISAC) to fix several vulnerabilities, including three critical issues. The company discovered the flaws via its responsible disclosure program from CISA, Akamai, and the HackerOne bug bounty platform. Ivanti’s security bulletin …

Last year, a joint investigation revealed that a Florida-based data broker, Datastream Group, was selling highly sensitive location data that tracked United States (US) military and intelligence personnel overseas. However, at the time, the origin of that data remained unknown. Now, a letter sent to US senator Ron Wyden’s office …