Alert

SonicWall’s SMA100 series SSL-VPN appliances have serious security vulnerabilities, revealing ongoing issues in network infrastructure. The identified vulnerabilities show fundamental programming errors that allow pre-authentication attacks against firmware version 10.2.1.1.5. CVE-2025-40596: Pre-Authentication Stack Buffer Overflow WatchTower Labs found a classic stack-based buffer overflow vulnerability caused by malformed HTTP requests to …

Some customers of Broadcom’s VMware business currently cannot access security patches, putting them at greater risk of attack. Customers in that perilous position hold perpetual licenses for VMware products but do not have a current support contract with Broadcom, which will not renew those contracts unless users sign up for …

A harmful Android app has been found that pretends to be real Indian banking apps to steal credentials, spy on users, and carry out unauthorized transactions. It uses Firebase for command-and-control operations to deploy phishing pages that look like real banking interfaces, deceiving users into sharing sensitive information. Static analysis …

BGD e-GOV CIRT alert for a potential risk of cyber attack on Thursday (24.07.2025). In its situational alert, CIRT said, based on current threat intelligence, there is a potential risk of a large-scale cyberattack targeting Bangladesh’s ICT infrastructure in the coming days. CIRT mentioned that the cyber attack focuses on …

AWS has issued a security patch for a severe local privilege escalation vulnerability (CVE-2025-8069) in its Windows Client VPN software. Rated at CVSS 7.8, this flaw allows non-admin users to run code with higher privileges during installation, posing risks for shared or enterprise devices. The issue lies in the way …

Dahua Technology released a security advisory about two serious vulnerabilities in its IP cameras, after a report from the Bitdefender IoT Research Team. The vulnerabilities, CVE-2025-31700 and CVE-2025-31701, each have a CVSS score of 8.1 and are due to buffer overflow issues that can let remote attackers crash devices or …

Sophos has released a security advisory addressing five vulnerabilities in Sophos Firewall, two of which are critical and could enable remote attackers to take control of affected devices in specific situations. The company confirms that fixes have been automatically deployed through hotfixes, assuming the auto-installation setting is default.   Remediation …

Microsoft issued urgent updates for two serious SharePoint security holes, identified as CVE-2025-53770 and CVE-2025-53771, used in attacks known as “ToolShell.” Both vulnerabilities exclusively affect on-premises SharePoint Servers, allowing threat actors to exploit them for unauthenticated, remote code execution. Microsoft has announced that the SharePoint vulnerability CVE-2025-53770, with a CVSS …

Hewlett-Packard Enterprise (HPE) warns that Aruba Instant On Access Points have hardcoded credentials, enabling attackers to skip normal authentication and reach the web interface. Aruba Instant On Access Points are small, easy-to-use Wi-Fi devices for small to medium businesses. They provide advanced features like guest networks and traffic segmentation, and …

Defence Minister Chan Chun Sing said these select units will work with the Cyber Security Agency (CSA) in a united government response to the threat, local media reported. Chan described the cyberattack as “one example of the emerging threats” that the military has to handle, the reports said. There have been …