Thursday , April 24 2025

infosecbulletin

NVIDIA has released update for NVIDIA Riva

NVIDIA

NVIDIA has released a software update for Riva to fix security vulnerabilities that could allow privilege escalation, data tampering, denial of service, or information disclosure. NVIDIA Riva is a suite of GPU-accelerated microservices for multilingual speech and translation, designed for creating customizable, real-time conversational AI systems. It features automatic speech …

Read More »

CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”

extremely sophisticated attack

On Tuesday, Apple fixed a critical zero-day vulnerability affecting nearly all supported iPhones and iPads. The company noted that it could have been exploited in a extremely sophisticated attack against targeted individuals using older iOS versions. The vulnerability, identified as CVE-2025-24201, allows attackers to break out of the Web Content …

Read More »

Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws

57 flaws

Microsoft’s March 2025 Patch Tuesday update fixes 57 flaws, including seven zero-day exploits, six of which are actively being exploited. Notably, CVE-2025-24983 is a critical use-after-free flaw in the Windows Win32 Kernel Subsystem linked to the “PipeMagic” backdoor. This update is essential for IT and security professionals as it addresses …

Read More »

Ballista Botnet infects 6000 Unpatched TP-Link Routers

Ballista

Cato CRTL team said, a new botnet campaign dubbed Ballista target the unpatched TP-Link Archer routers. CVE-2023-1389 is a serious security vulnerability in TP-Link Archer AX-21 routers that could allow command injection and remote code execution. The Hacker news reported, “The botnet exploits a remote code execution (RCE) vulnerability in …

Read More »

CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE

CVE-2025-24813

A critical vulnerability, CVE-2025-24813, has been found in Apache Tomcat, which could let attackers execute remote code, leak sensitive data, or corrupt information. The Apache Software Foundation has released an urgent advisory, urging affected users to update right away. Apache Tomcat, a popular open-source web server and servlet container, has …

Read More »

CISA Adds 3 Ivanti Endpoint Manager Bugs to KEV

Ivanti Endpoint Manager

CISA included three vulnerabilities in Ivanti Endpoint Manager—CVE-2024-13159, CVE-2024-13160, and CVE-2024-13161—in its Known Exploited Vulnerabilities catalog. Federal agencies must address these vulnerabilities by March 31, 2025, according to CISA’s directive, although no direct ransomware connection has been established. CISA updated its KEV catalog on March 10, 2025, adding three new …

Read More »

Cyber attack at Japanese telecom leader NTT hits 18,000 companies

NTT

NTT Communications Corporation discovered illegal access to its facilities on February 5 and confirmed on February 6 that some information may have been leaked. An internal investigation revealed that some corporate customer service information from Order Information Distribution System may have been leaked. However, individual customer service information was not …

Read More »

Nearly 1 million airport lost and found records leaked

Lost and Found

Cybersecurity researcher Jeremiah Fowler found that over a dozen unprotected databases from the German firm Lost and Found Software exposed 820,750 sensitive personal records about lost airport items and their owners in the U.S., Canada, and Europe. Misconfigured databases, now secured, previously exposed sensitive information such as images of lost …

Read More »