Bangladesh Bank has issued a public warning regarding a fraudulent website operating under the guise of the country’s official National Card Scheme, TakaPay. According to the central bank, the fake website (https://takapaycard.com) is illegally collecting sensitive personal information, including names, phone numbers, email addresses, national IDs, and passport numbers. The …
Read More »Fraud Alert
HashiCorp patched A Vault Flaw Allowing Code Execution
HashiCorp has recently fixed a critical vulnerability—CVE-2025-6000—in its secrets management tool, Vault. With a CVSS score of 9.1, this flaw could let privileged Vault operators run arbitrary code on the host system if misconfigured. “A privileged Vault operator within the root namespace with write permission to sys/audit may obtain code …
Read More »
SOCRadar Report
Emerging “SafePay” Ransomware Infected 260+ Victims Worldwide
A new ransomware threat in 2025, SafePay, has executed over 265 attacks across various continents. The group emerged in September 2024, initially targeting around 20 victims. Since early 2025, it has significantly intensified its operations and now poses a serious threat in global ransomware. SafePay’s victims are mostly in developed …
Read More »17K+ SharePoint Servers Exposed to Internet : 840 Servers Vuln to 0-Day Attacks
Over 17k Microsoft SharePoint servers are exposed to internet attacks, with 840 vulnerable to the critical zero-day vulnerability CVE-2025-53770, according to Shadowserver Foundation. The “ToolShell” vulnerability has a critical CVSS score of 9.8 and lets unauthorized users run arbitrary code on on-premises SharePoint servers. Microsoft has attributed the attacks to …
Read More »ChatGPT, Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack
A serious flaw in widely used AI tools, like ChatGPT and Google Gemini, exposes them to a new type of attack called “Man-in-the-Prompt.” Research shows that malicious browser extensions can misuse the Document Object Model (DOM) to inject prompts, steal sensitive data, and alter AI responses without needing special permissions. …
Read More »Apple patches flaw exploited in Chrome zero-day attacks
Apple released security updates to fix a serious vulnerability exploited in zero-day attacks on Google Chrome users. CVE-2025-6558 is a security vulnerability caused by improper validation of untrusted input in the ANGLE (Almost Native Graphics Layer Engine). This open-source graphics layer manages GPU commands and converts OpenGL ES API calls …
Read More »BD Bank and CIRT alert for cyber attack
Bangladesh Bank has alerted all scheduled banks to enhance their cybersecurity measures to protect sensitive financial data and ICT systems due to increasing cyber threats in the banking sector. Key Areas of Concern and Required Actions: Operating System & Software Patching: Ensure all servers and critical systems are regularly updated …
Read More »SonicWall SMA100 Series N-day Vulns Technical Details Revealed
SonicWall’s SMA100 series SSL-VPN appliances have serious security vulnerabilities, revealing ongoing issues in network infrastructure. The identified vulnerabilities show fundamental programming errors that allow pre-authentication attacks against firmware version 10.2.1.1.5. CVE-2025-40596: Pre-Authentication Stack Buffer Overflow WatchTower Labs found a classic stack-based buffer overflow vulnerability caused by malformed HTTP requests to …
Read More »Broadcom Blocks some VMware Security Updates for Perpetual License Holders
Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for …
Read More »
ALERT
Fake Indian Banking Apps on Android Steal Banking Credentials
A harmful Android app has been found that pretends to be real Indian banking apps to steal credentials, spy on users, and carry out unauthorized transactions. It uses Firebase for command-and-control operations to deploy phishing pages that look like real banking interfaces, deceiving users into sharing sensitive information. Static analysis …
Read More »
InfoSecBulletin Cybersecurity for mankind