In recent time, Hacker exploited Windows, VMware and Linux flaw. On another side, Australia warn about of BadCandy infections on unpatched Cisco devices. VMware: CISA added a serious security flaw affecting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities list after reports of ongoing exploitation. The …
Read More »DDoS Scandals Hit Bangladesh ISP Sector: BTRC Prepares Crackdown
The government and Bangladesh Telecommunication Regulatory Commission (BTRC) have received credible information that some companies of Bangladesh Internet Service Providing (ISP) sector are trying to destroy the networks and businesses of rival ISPs through DDoS (Distributed Denial of Service) attacks organized from abroad according to Faiz Ahmad Taiyeb adviser (Ministry …
Read More »CISA Shares Updated Guidance for Actively Exploited WSUS Vulnerability
On October 29, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) released updated guidance for organizations to detect and mitigate threats related to the CVE-2025-59287 vulnerability in Microsoft’s Windows Server Update Services (WSUS). CISA strongly urges organizations to implement Microsoft’s updated Windows Server Update Service (WSUS) Remote Code Execution Vulnerability …
Read More »APT SideWinder Actively Targeting Bangladesh With ClickOnce-Based Attack
Trellix Advanced Research Center (ARC) found a campaign targeting a European embassy in New Delhi, India. Further investigation uncovered multiple targeted institutions across Sri Lanka, Pakistan, and Bangladesh. This report analyzes the tactics used by SideWinder, an APT group known for espionage in Asia. The investigation shows that SideWinder has …
Read More »DomeWatch leak exposed Capitol Hill applicants’ personal data
Thousands of Americans’ personal job-seeking details were publicly exposed because of an unsecured database linked to the House Democrats’ Official Online Resume Bank, DomeWatch.us. The security lapse was brought to light by the research firm Safety Detectives, after an anonymous cybersecurity researcher reported to them about an “unencrypted and non-password-protected …
Read More »
Check Point Research: "YouTube Ghost Network"
Hacker Used Over 3,000 Malicious Videos to Spread Infostealer Malware
A report reveals that over 3,000 malicious YouTube videos were used to spread infostealer malware. Check Point Research has named a major malware operation the “YouTube Ghost Network.” It uses fake YouTube accounts to spread infostealer malware like Rhadamanthys and Lumma. Game hacks and cheats and software cracks and piracy …
Read More »
(CVE-2025-59287)
CIRT Alert RCE Vulnerability in Microsoft WSUS in Bangladesh
Bangladesh cyber security watchdog BGD e-GOV CIRT published an advisory (27.10.2025) regarding critical romote code execution vulnarability in Microsoft WSUS CVSS score 9.8 as per NVD, NIST. CIRT has detected a serious security flaw in Microsoft’s WSUS that could let an attacker fully control a WSUS server. This vulnerability not …
Read More »New CoPhish attack steals OAuth tokens Exploitng Copilot Studio agents
A phishing technique named CoPhish misuses Microsoft Copilot Studio to deceive users into giving hackers access to their Microsoft Entra ID accounts. Datadog Security Labs identified a method that uses customizable AI agents on legitimate Microsoft domains to disguise OAuth consent attacks, making them seem trustworthy and avoiding user suspicion. …
Read More »ALERT: APT Mysterious Elephant actively target Bangladesh
Mysterious Elephant is an active APT group identified by Kaspersky GReAT in 2023. It continually evolves its tactics to avoid detection. The group’s recent campaign, starting in early 2025, shows a notable change in their tactics, focusing more on new custom tools and open-source tools like BabShell and MemLoader. The …
Read More »MCP Server Flaw Exposes 3,000+ Servers and Thousands of API Keys
A critical vulnerability was discovered in Smithery.ai, a well-known registry for Model Context Protocol (MCP) servers. This flaw could have let hackers steal data from over 3,000 AI servers and access API keys of thousands of users. MCP connects AI apps to external tools and data, such as local files …
Read More »
InfoSecBulletin Cybersecurity for mankind