SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances. Identified as CVE-2025-32818, this high-severity vulnerability has a CVSS score of 7.5, posing significant risks for enterprises using SonicWall Gen7 devices for secure network access. The official advisory states that …
Read More »
GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7 are now available for both Community Edition (CE) and Enterprise Edition (EE) to fix important bugs and security issues. High-Severity XSS and Account Takeover Risks The advisory highlights several high-severity …
Read More »
Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What happened: A media worker from Bangladesh shared a screen shot with infosecbulletin. “Can I urgently send 2000 taka to bKash now? I will give it tomorrow morning, InshaAllah.” The reporter …
Read More »
Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws could let attackers gain unauthorized access and escalate their privileges on the devices. On April 22, 2025, a security advisory was released outlining patches for CVE-2025-1731 and CVE-2025-1732, affecting various …
Read More »
Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are released, potentially changing vulnerability research. Keeley used GPT-4 to create an exploit for CVE-2025-32433, a serious Erlang/OTP SSH vulnerability rated 10.0 on the CVSS scale. This demonstrates the …
Read More »
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces. Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials. TP-Link Router Vulnerabilities: CVE-2025-29648: TP-Link EAP120 …
Read More »
SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL certificates for domains they do not own. David Zhao, a senior researcher at CitadelCore Cyber Security Team, reported a flaw that allows manipulation of the system to issue certificates for …
Read More »
ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom’s remote control feature to access victims’ computers without permission. The ELUSIVE COMET operation begins with attackers masquerading as legitimate media organizations, specifically “Bloomberg Crypto,” to invite high-profile targets for interviews. Invitations are sent through social media, …
Read More »
You copy a password from your manager, thinking it’s safe. Meanwhile, your phone is saving it in plain text. Samsung says, so far, there is no solution. Imagine you just copied a password or banking logins from a password manager. Then you think, “Wait, does this go away after I …
Read More »
GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow code execution by attackers. Organizations are urged to apply these patches quickly to ensure system protection. High-Risk Code Execution Vulnerability: A vulnerability (CVE-2025-3509) in the pre-receive hook feature of GitHub …
Read More »
InfoSecBulletin Cybersecurity for mankind
