Thursday, March 27 2025

infosecbulletin

Researcher found non-protected database from ESHYFT containing 86000 records

Cybersecurity researcher Jeremiah Fowler found and reported a non-password-protected database with over 86,000 records belonging to ESHYFT, a New Jersey-based HealthTech company. ESHYFT operates in 29 states and provides a mobile app platform connecting healthcare facilities with workers like Certified Nursing Assistants (CNAs), Licensed Practical Nurses (LPNs), and Registered Nurses …

CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws

Forescout Research - Vedere Labs identified a series of intrusions based on two Fortinet vulnerabilities, which began with the exploitation of FortiGate firewall appliances, dubbed SuperBlack. Researchers tracked this between late January and early March. Fortinet disclosed two authentication bypass vulnerabilities: CVE-2024-55591 in January and CVE-2025-24472 in February. When Fortinet first …

CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws

GitLab has released versions 17.9.2, 17.8.5, and 17.7.7 for its Community and Enterprise Editions to fix security vulnerabilities, including a critical authentication bypass issue. Critical Authentication Bypass Vulnerabilities: Two critical vulnerabilities, CVE-2025-25291 and CVE-2025-25292, are found in the ruby-saml library used by GitLab for SAML single sign-on (SSO) authentication. The …

CVE-2025-20138
Cisco released High Security Alert for IOS XR Software

Cisco has issued a security advisory for a high-severity vulnerability in its IOS XR Software, labeled CVE-2025-20138, with a CVSS score of 8.8, which signifies a serious risk. The vulnerability in the Command Line Interface (CLI) of Cisco IOS XR Software allows an authenticated local attacker to execute arbitrary commands …

400+ IPs Exploiting Multiple SSRF Vulnerabilities

GreyNoise warns of a coordinated increase in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities across various platforms. “At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts,” the company said, adding it observed the activity on March 9, 2025. Countries …

NVIDIA has released update for NVIDIA Riva

NVIDIA has released a software update for Riva to fix security vulnerabilities that could allow privilege escalation, data tampering, denial of service, or information disclosure. NVIDIA Riva is a suite of GPU-accelerated microservices for multilingual speech and translation, designed for creating customizable, real-time conversational AI systems. It features automatic speech …

CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”

On Tuesday, Apple fixed a critical zero-day vulnerability affecting nearly all supported iPhones and iPads. The company noted that it could have been exploited in an extremely sophisticated attack against targeted individuals using older iOS versions. The vulnerability, identified as CVE-2025-24201, allows attackers to break out of the Web Content …

Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws

Microsoft’s March 2025 Patch Tuesday update fixes 57 flaws, including seven zero-day exploits, six of which are actively being exploited. Notably, CVE-2025-24983 is a critical use-after-free flaw in the Windows Win32 Kernel Subsystem linked to the “PipeMagic” backdoor. This update is essential for IT and security professionals as it addresses …

Ballista Botnet infects 6000 Unpatched TP-Link Routers

The Cato CTRL team said a new botnet campaign dubbed Ballista targets unpatched TP-Link Archer routers. CVE-2023-1389 is a serious security vulnerability in TP-Link Archer AX-21 routers that could allow command injection and remote code execution. The Hacker News reported, “The botnet exploits a remote code execution (RCE) vulnerability in …
