Thursday , April 24 2025

infosecbulletin

MITRE warns: U.S. Govt. Funding for MITRE’s CVE Ends Today

MITRE

MITRE Vice President Yosry Barsoum warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs ends today, potentially disrupting the global cybersecurity industry. CVE, the more important of the two, is managed by MITRE with support from the U.S. National Cyber Security …

Read More »

Australian Cyber Security Centre Alert for Fortinet Products

The Australian Cyber Security Centre (ACSC) has alerted technical users in both private and public sectors about ongoing exploitation of known vulnerabilities following a new advisory highlighting the exploitation of previously known vulnerabilities in Fortinet products. Organizations are urged to take immediate action. Fortinet has detected that attackers are exploiting …

Read More »

Hackers Exploit Ivanti VPN Vulns 12 Countries to Infiltrate Multiple Orgs

Ivanti

In late March, TeamT5 found that a China-linked APT group exploited a critical vulnerability in Ivanti Connect Secure VPN appliances, affecting nearly twenty industries in twelve countries. At the time of the analysis, TeamT5 suspected that the group still had access to the victims’ networks. Victim countries include Austria, Australia, …

Read More »

Hackers Allegedly Advertise To Sell FortiGate Firewall 0-Day Exploit

FortiGate Firewall

A threat actor is reportedly advertised to sell a zero-day exploit for Fortinet’s FortiGate firewalls on a dark web forum. The exploit claims allow attackers to remotely execute code and access configurations on FortiOS without needing credentials, potentially taking control of vulnerable devices. Cybersecuritynews reported the forum post observed by …

Read More »

New Security Companies Who Are Exploring the Bangladeshi Market 

Security Companies

BlackHat Asia-2025 was held for four days at the Marina Bay Convention Center in Singapore in early April. Infosecbulletin covered this year’s event. Many world-renowned cybersecurity companies participated in this conference. Various companies, including EDR, XDR, API security, firewall, antivirus, penetration testing, and AI Security, participated in this expo and …

Read More »

Hackers retain access to patched FortiGate VPNs using symlinks

FortiGate

Recent incidents continue to bring this into focus with active exploitations of known vulnerabilities as investigations by Fortinet have discovered a post exploitation technique used by a threat actor. During the investigation, a threat actor was observed using known vulnerabilities (e.g. FG-IR-22-398, FG-IR-23-097, FG-IR-24-015) to gain access to Fortinet devices. …

Read More »

CISA Releases Ten Industrial Control Systems Advisories

CISA

The Cybersecurity and Infrastructure Security Agency (CISA) has released ten new advisories regarding Industrial Control Systems (ICS) to highlight serious vulnerabilities and exploits that could affect vital industrial systems. Released on April 10, 2025, these advisories offer essential information on current cybersecurity risks, aiding industries in threat prevention and protecting …

Read More »