Tuesday , April 1 2025

infosecbulletin

Cloudflare logs faces major failure, losing 55% of user data

flowchart

Cloudflare suffered an incident roughly 3.5 hours On November 14, 2024 impacting the majority of customers using Cloudflare Logs. Cloudflare lost about 55% of the logs normally send to customers were not sent and were lost on that incident. Log services are crucial for network operations, helping businesses analyze traffic, …

Read More »

VMware Patched critical flaw in Aria Operations

vmware

VMware revealed several critical vulnerabilities in its Aria Operations product, with the most severe allowing attackers to gain root user privileges on affected systems. The advisory, VMSA-2024-0022, released on November 26, 2024, addresses five distinct vulnerabilities: CVE-2024-38831 is a local privilege escalation vulnerability with a CVSSv3 score of 7.8. CVE-2024-38832 …

Read More »

RomCom Exploits Firefox and Windows Zero-Day

Firefox windows

According to ESET, Russia linked Ramcom exploit the two zero days of Mozilla FireFox and Microsoft Window addressed CVE 2024-9680, and 2024-49039. “In a successful attack, if a victim browses a web page containing the exploit, an adversary can run arbitrary code – without any user interaction required (zero click) …

Read More »

MITRE discloses 2024 CWE Top 25 critical software flaw

Chart

MITRE identified Cross-site scripting as the most critical software flaw in its recent published report of the past year. The nonprofit published its latest ranking of the Top 25 Most Dangerous Software Weaknesses on November 20, highlighting critical flaws from the Common Weakness Enumeration (CWEs) catalog between June 2023 and …

Read More »

Python NodeStealer: harvest credit card and Facebook Ads Manager

Hacker

Jan Michael Alcantara of Netskope Threat Labs reported, Python NodeStealer has resurfaced with advanced techniques and a broader target range. The report shows that primarily the infostealer to target Facebook business accounts and harvests credit card information. The malware targets Facebook Ads Manager accounts to steal login details, cookies, and …

Read More »

Cisco Talos
Over 60% of Emails with QR Codes are spam

QR code

Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% …

Read More »

CERT-In Flags Multiple Critical Vulnerabilities in Zoom app

zoom

CERT-In issued a security advisory for multiple vulnerabilities in the Zoom app that could let attackers access sensitive information, escalate privileges, or disrupt service. Vulnerabilities exist in various Zoom products, including the Zoom Workplace App, Zoom Rooms Client, and Zoom Video SDK, across multiple operating systems: macOS, iOS, Windows, Linux, …

Read More »