A new vulnerability, CVE-2025-4235, in Palo Alto Networks’ User-ID Credential Agent for Windows, could reveal a service account’s password in cleartext with specific configurations. The vulnerability has been rated as having medium severity. The primary danger lies in the potential for privilege escalation. The impact of the vulnerability varies depending …
Read More »CyberVolk Ransomware Attacks CII In Japan, France, and UK
CyberVolk ransomware, which appeared in May 2024, has increased attacks on government agencies and critical infrastructures in Japan, France, and the UK. CyberVolk, with pro-Russian views, targets countries seen as threats to Russia using advanced encryption that is very hard to break. This article analyzes CyberVolk’s encryption system, its execution …
Read More »Microsoft warns of active directory and office vulnarability
Microsoft has issued a new warning about a critical security vulnerability in Active Directory Domain Services, known as CVE-2025-21293. An attacker with initial access could exploit this flaw to increase their privileges, gaining full control over the domain controller and compromising the network’s security. The vulnerability is categorized as an …
Read More »
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
Sophos fixed an authentication bypass vulnerability in its AP6 Series Wireless Access Points, preventing attackers from obtaining admin privileges. The company found the issue during internal security tests and has issued a firmware update to fix it. An attacker with network access to the access point’s management IP can bypass …
Read More »Microsoft September Patch Tuesday 2025 fixes 81 flaws, two zero-days
Microsoft patched September 2025 Patch Tuesday 81 flaws, including two publicly disclosed zero-day vulnerabilities. This Patch Tuesday addresses nine critical vulnerabilities: five for remote code execution, one for information disclosure, and two for privilege escalation. The number of bugs in each vulnerability category is listed below: 41 Elevation of Privilege …
Read More »
Bangladesh Cyber Threat Landscape- 2024
602 Vuln exploited: Afftected daily 905 IP In Bangladesh in 2024
Bangladesh Cyber Threat Landscape 2024, by BGD e-GOV CIRT, reveals a sharp escalation in cyber threats across Bangladesh. The year saw a surge in ransomware, phishing, hacktivism, and data breaches, affecting both public and private sectors. Critical vulnerabilities in outdated systems, increased use of the dark web for trading stolen …
Read More »Mis-Issued TLS Certificate Exposes 1.1.1.1 DNS Services to Exploitation
Security researchers found that three unauthorized TLS certificates were issued in May 2025 for 1.1.1.1, the public DNS service operated by Cloudflare. Improperly issued certificates by the Fina RDC 2020 authority could let attackers intercept and decrypt DNS queries, revealing users’ browsing habits. However, if a malicious or unauthorized party …
Read More »NVIDIA Releases Security Updates for BlueField, DOCA, Mellanox, ConnectX and NVOS
NVIDIA has issued important software updates to fix vulnerabilities in its BlueField DPUs, DOCA software, Mellanox DPDK, ConnectX network adapters, Cumulus Linux, and NVOS products. Many of these issues have high to critical severity and can lead to privilege escalation, denial of service, or information disclosure. The most severe vulnerability, …
Read More »Android Alert: Google Patches 120 Flaws, Two Zero-Days Under Attack
Google released security updates for September 2025, fixing 120 security flaws in Android, including two vulnerabilities actively exploited in targeted attacks. The vulnerabilities are listed below: CVE-2025-38352 (CVSS score: 7.4): A privilege escalation flaw in the Linux Kernel component CVE-2025-48543 (CVSS score: N/A): A privilege escalation flaw in the Android …
Read More »Entirely False: Google Confirms Gmail Data Breach Warning Is Fake
A viral story claims that Google has warned all 2.5 billion Gmail users about account risks due to a recent Salesforce breach, but this is false; no such warning exists. Google has now responded, that “unfortunately, several inaccurate claims surfaced this week incorrectly claiming we issued a broad warning to …
Read More »
InfoSecBulletin Cybersecurity for mankind