Alert

Trend Micro warned customers to quickly secure their systems due to a remote code execution vulnerability in its Apex One endpoint security platform that is currently being exploited. Apex One is an endpoint security platform designed to automatically detect and respond to threats, including malicious tools, malware, and vulnerabilities. The …

A coordinated phishing campaign has been uncovered targeting critical Bangladeshi infrastructure — particularly government organizations and law enforcement agencies. This attack leveraged compromised official email credentials to distribute fraudulent emails containing malicious attachments and deceptive login pages reported by BGD e-Gov CIRT. 📌 Key Attack Techniques: Email Spoofing Using Trusted …

More than 100 Dell laptop models in the Latitude and Precision series are vulnerable due to five common security issues affecting their firmware and Microsoft Windows APIs, according to a Cisco Talos report. Talos researchers named the vulnerabilities ReVault. They allow an attacker to keep access to a victim’s device …

Bangladesh Bank has issued a public warning regarding a fraudulent website operating under the guise of the country’s official National Card Scheme, TakaPay. According to the central bank, the fake website (https://takapaycard.com) is illegally collecting sensitive personal information, including names, phone numbers, email addresses, national IDs, and passport numbers. The …

HashiCorp has recently fixed a critical vulnerability—CVE-2025-6000—in its secrets management tool, Vault. With a CVSS score of 9.1, this flaw could let privileged Vault operators run arbitrary code on the host system if misconfigured. “A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code …

A new ransomware threat in 2025, SafePay, has executed over 265 attacks across various continents. The group emerged in September 2024, initially targeting around 20 victims. Since early 2025, it has significantly intensified its operations and now poses a serious threat in global ransomware. SafePay’s victims are mostly in developed …

Over 17k Microsoft SharePoint servers are exposed to internet attacks, with 840 vulnerable to the critical zero-day vulnerability CVE-2025-53770, according to Shadowserver Foundation. The “ToolShell” vulnerability has a critical CVSS score of 9.8 and lets unauthorized users run arbitrary code on on-premises SharePoint servers. Microsoft has attributed the attacks to …

Apple released security updates to fix a serious vulnerability exploited in zero-day attacks on Google Chrome users. CVE-2025-6558 is a security vulnerability caused by improper validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine). This open-source graphics layer manages GPU commands and converts OpenGL ES API calls …

Bangladesh Bank has alerted all scheduled banks to enhance their cybersecurity measures to protect sensitive financial data and ICT systems due to increasing cyber threats in the banking sector. Key Areas of Concern and Required Actions: Operating System & Software Patching: Ensure all servers and critical systems are regularly updated …