Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, these could allow attackers to access a user’s Git credentials without permission. “Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Security researcher Ry0taK, who discovered the …
Read More »Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes
PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This update features major improvements to the Burp Intruder module, HTTP response analysis, and interaction management, as well as a browser upgrade and bug fixes. Auto-Pause Intruder Attacks: A key feature …
Read More »UnitedHealth confirms 190 million impacted by 2024 data breach
UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double earlier estimates. The U.S. health insurance company confirmed the latest figures to TechCrunch on Friday after the markets closed. “Change Healthcare has determined the estimated total number of individuals impacted …
Read More »Registration Open For BCS CTF 2025
So, to test your cyber security skill, here is another chance to do that. Bangladesh computer society (BCS) is going to organize BCS ICT Fest- 2025 incusing CTF. The fest includes CTF contest, Project showcasing, Poster presentation, Technical Session and awere ceremony. Event Overview: The BCS ICT Fest 2025 is …
Read More »New Ransomware Tactics Target VMware ESXi Via SSH Tunneling
Sygnia’s recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure to disrupt operations and remain hidden in compromised networks. ESXi appliances have become prime targets due to their role in hosting vital virtual machines. “Damaging them renders virtual machines inaccessible, …
Read More »Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices’ firmware as well as misconfigured security features. “These weren’t obscure, corner-case vulnerabilities,” security vendor Eclypsium said in a report. “Instead these were very well-known issues that we wouldn’t expect …
Read More »CISA Releases 6 ICS Advisories Detailing Security Issues
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released 6 advisories for Industrial Control Systems (ICS), highlighting vulnerabilities in various critical systems. These advisories are intended to alert organizations to potential risks that could result in unauthorized access, system breaches, or exposure of sensitive data if not properly addressed. The …
Read More »Account Credentials for Security Vendors Found on Dark Web: Cyble Report
# “While many leaked security credentials belong to customers, some exposed sensitive accounts suggest that security vendors too have been hit by infostealers.” # A Cyble report reveals that account credentials from multiple cybersecurity vendors are being sold on dark web marketplaces. While most of the exposed credentials belong to …
Read More »Four Critical Ivanti CSA Vulnerabilities Exploited: CISA , FBI warns
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint Cybersecurity Advisory to highlight the active exploitation of severe vulnerabilities in Ivanti Cloud Service Appliances (CSA). The vulnerabilities—CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, and CVE-2024-9380—were targeted by threat actors in September 2024, leading to compromises …
Read More »GitLab Releases Patch (CVE-2025-0314) for XSS Exploit
GitLab has released update for high severity cross-site scripting (XSS) flaw. Versions 17.8.1, 17.7.3, and 17.6.4 for both Community Edition (CE) and Enterprise Edition (EE) have been released to address these issues. The CVE-2025-0314 allows attackers to inject malicious scripts into GitLab instances via “improper rendering of certain file types” …
Read More »