Thursday , April 24 2025

infosecbulletin

DeepSeek Sensitive data exposed To Web: Wiz report

New York-based cybersecurity firm Wiz has discovered sensitive data from the Chinese AI startup DeepSeek that was accidentally exposed on the internet. In a blog post, Wiz reported that scans of DeepSeek’s infrastructure revealed over a million unsecured data lines. This data contained digital software keys and chat logs that …

Read More »

“FirePass” starts its operation in Bangladesh officially

FirePass

FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class technology for Bangladesh. What is FirePass? FirePass, a fire prevention and suppression system. FirePASS® Corporation was established in 2001 in New York U.S.A. after the Phenomenon of ignition suppression in …

Read More »

PoC Exploit Released for TP-Link Router XSS Vuln

A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is a flaw in firmware version 1.0.6 Build 20231011 rel.85717(5553) that lets attackers run arbitrary JavaScript code via the router’s web interface, posing a risk of exploitation. Discovery of the Vulnerability: …

Read More »

CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild

Zyxel

Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series devices, known as CVE-2024-40891. The critical, unpatched vulnerability has left more than 1,500 devices worldwide at risk, according to Censys. About the Vulnerability – CVE-2024-40891: CVE-2024-40891 is a vulnerability that lets …

Read More »

Apple fixed year’s first actively exploited zero-day flaw

Apple

Apple has issued security updates to address a zero-day flaw affecting iPhone users that is currently being exploited in attacks. A zero-day vulnerability, CVE-2025-24085, has been fixed today. It affects Apple’s Core Media framework and allows privilege escalation on iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. “A malicious application may …

Read More »

GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs

GitHub Desktop

Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, these could allow attackers to access a user’s Git credentials without permission. “Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Security researcher Ry0taK, who discovered the …

Read More »

Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes

Burp Suite 2025.1

PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This update features major improvements to the Burp Intruder module, HTTP response analysis, and interaction management, as well as a browser upgrade and bug fixes. Auto-Pause Intruder Attacks: A key feature …

Read More »

UnitedHealth confirms 190 million impacted by 2024 data breach

190 million

UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double earlier estimates. The U.S. health insurance company confirmed the latest figures to TechCrunch on Friday after the markets closed. “Change Healthcare has determined the estimated total number of individuals impacted …

Read More »