Thursday , April 3 2025

infosecbulletin

(CVE-2024-39929)
Critical Exim Vulnerability Impacts 1.5 Million Mail Servers

coding

Censys has warned that more than 1.5 million Exim mail transfer agent (MTA) instances are vulnerable to a critical security issue. This vulnerability allows threat actors to bypass security filters. Exim developers fixed a security flaw, tracked as CVE-2024-39929, impacting versions up to 4.97.1. The vulnerability is caused by not …

Read More »

AT&T data breach exposes call logs of 109 million customers

At&T

AT&T, an American telecom service provider, has confirmed a data breach. The data approximately 109 million almost all its wireless customers and customers of mobile virtual network operators (MVNOs) who use AT&T’s wireless network was accessed by threat actors. AT&T’s MVNOs include Black Wireless, Boost Infinite, Consumer Cellular, Cricket Wireless, …

Read More »

CVE-2024-5910
Critical Vulnerability Threatens Palo Alto Networks’ Expedition

Palo alto network

Palo Alto Networks has issued a critical security advisory outlining numerous vulnerabilities across its product lines, such as PAN-OS, Cortex XDR, and Expedition. These weaknesses vary in severity and potential impact, but collectively present a significant risk to organizations that depend on Palo Alto’s solutions. CVE-2024-5910: Missing Authentication in Expedition …

Read More »

Vulnerabilities in GitLab Allows Attackers to Execute Unauthorized Pipelines

Gitlab

GitLab has issued a warning about a serious vulnerability in its GitLab Community and Enterprise editions. This vulnerability allows attackers to execute pipeline jobs as if they were another user. GitLab’s DevSecOps platform is used by more than 30 million registered users, including T-Mobile, Goldman Sachs, Airbus, Lockheed Martin, Nvidia, …

Read More »

Adobe Issues Critical Security Patches for Various Products

adobe

Adobe released security updates to fix several vulnerabilities in their software. These vulnerabilities could be used by cyber attackers to gain control of a system. CISA encourages users and administrators to review the following Adobe Security Bulletins and apply necessary updates: Security Updates Available for Adobe Premiere Pro | APSB24-46: …

Read More »

CISA Warns Hacker Use OS Command Injection Vulnerabilities to Compromise Systems

CISA

OS command injection vulnerabilities are a preventable type of weakness in software. Manufacturers can eliminate them by taking a secure design approach. Despite efforts, these vulnerabilities still appear, allowing adversaries to exploit them for harm. CISA and FBI are releasing this Alert because of recent well-known attacks that took advantage …

Read More »

Pakistan allows spy agency to intercept phone messages, calls

phone call

The Pakistan Ministry of Information Technology and Telecommunication has given permission to the Inter-Services Intelligence (ISI) to intercept citizens’ phone communications for national security reasons. Issued on Monday, the ministry’s notification — a copy of which is available with Dawn.com — said that the authorisation was granted to the ISI …

Read More »