India’s Civil Aviation Minister K Rammohan Naidu informed the Rajya Sabha that some flights reported Positioning System- GPS spoofing in the vincinity of Indira Gandhi International Airport in New Delhi while using GPS-based landing procedures. In a written reply to a question on GPS spoofing, Mr Naidu told the House …
Read More »CISA Flags Actively Exploited OpenPLC Flaw Exploited in Attacks
Cybersecurity and Infrastructure Security Agency (CISA) has mandated federal agencies to protect their industrial control systems due to active exploitation. CVE-2021-26829, a vulnerability in OpenPLC ScadaBR, is now included in the KEV Catalog. This inclusion signals that threat actors are actively weaponizing this specific flaw to target operational technology (OT) …
Read More »Pakistan National CERT Warn Gov.t, CII and Military On Serious Cyber Attacks
National Cyber Emergency Response Team of Pakistan (National CERT) has warned government agencies, military organizations, and critical infrastructure about a significant security vulnerability in Oracle E-Business Suite (EBS). Hackers can fully control affected systems without needing a password. They can steal sensitive data and disrupt operations, causing significant damage. According …
Read More »Tenda N300 Vulns Let Attacker to Execute Arbitrary Commands
CERT/CC has warned of unpatched command injection vulnerabilities in Tenda’s 4G03 Pro and N300 routers. These flaws allow attackers to execute root commands, and there are no fixes from the vendor, putting users at risk. According to the advisory, “A command injection vulnerability exists across multiple firmware versions that allows …
Read More »WhatsApp API flaw let researchers scrape millions of Bangladeshi accounts
Researchers gathered 3.5 billion WhatsApp phone numbers and personal information by abusing a contact-discovery API without proper rate limiting. This study shows a common tactic used by threat actors to collect user information from unprotected public APIs, even though the researchers haven’t shared the data. Abusing WhatsApp API: The researchers …
Read More »CISA warns of active exploitation of Oracle Identity Manager RCE flaw
CISA warns government agencies to patch Oracle Identity Manager (CVE-2025-61757) due to potential zero-day exploitation. CVE-2025-61757 is a pre-authentication remote code execution vulnerability in Oracle Identity Manager, found by Searchlight Cyber analysts Adam Kues and Shubham Shahflaw. The flaw stems from an authentication bypass in Oracle Identity Manager’s REST APIs, …
Read More »CERT-In Alerts: Asus Router Flaw Endangers Millions in India
CERT-In warns that many homes, small offices, and service providers in India are at risk from a critical authentication flaw, CVE-2025-59367, found in popular Asus DSL-series WiFi routers. The national cybersecurity agency has issued a security alert regarding this vulnerability. The CERT-In Vulnerability Note CIVN-2025-0322 warns that remote attackers can …
Read More »Clop ransomware claim to breach Oracle via E-Business Suite 0-Day hack
The Clop ransomware gang claims to have breached Oracle’s internal systems and has listed the company on its dark web leak site. This is part of a large extortion campaign that takes advantage of a serious zero-day vulnerability in Oracle E-Business Suite (EBS), dubbed CVE-2025-61882. Security experts report that Clop …
Read More »Hackers targeting Palo Alto’s GlobalProtect VPN with 2.3 million attacks
Since November 14, 2025, hackers launched over 2.3 million attacks on Palo Alto Networks’ GlobalProtect VPN portals, as reported by GreyNoise. A 40-fold increase in activity within 24 hours marks the highest level in 90 days, indicating rising risks to global remote access systems. Attacks aim at the /global-protect/login.esp URI …
Read More »CISA urges gov.t agencies to patch new FortiWeb flaw within 7 days
CISA has instructed U.S. gov.t agencies to secure their systems within a week due to a vulnerability in Fortinet’s FortiWeb web application firewall that has been exploited in zero-day attacks. CVE-2025-58034 is an OS command injection flaw that lets authenticated attackers execute code with minimal effort and no user interaction. …
Read More »
InfoSecBulletin Cybersecurity for mankind