On June 5, 2025, CISA released seven advisories regarding Industrial Control Systems (ICS) that highlight current security issues, vulnerabilities, and exploits. ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom ICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update H) ICSA-25-133-02 Hitachi Energy Relion …
Read More »Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over …
Read More »Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI
Cisco fixed a critical vulnerability in the Identity Services Engine (ISE) that could let unauthorized attackers carry out harmful actions. The vulnerability, CVE-2025-20286 (CVSS score 9.9), affects Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud. It allows unauthenticated remote attackers to access sensitive data, perform basic admin tasks, modify …
Read More »CVSS 9.6: IBM QRadar & Cloud Pak Security Flaws Exposed
IBM has issued a security advisory for vulnerabilities in its QRadar Suite Software and Cloud Pak for Security platforms. These flaws, which vary in severity from medium to critical, can lead to remote code execution, information disclosure, and denial of service (DoS) attacks. The bulletin lists five security vulnerabilities affecting …
Read More »
ALERT
Thousands of IP addresses compromised nationwide: CIRT warn
As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent cybersecurity alert, warning of heightened cyber threats due to reduced monitoring and operational oversight during the festive period. Current Threat Landscape: The CIRT’s Cyber Threat Intelligence Unit has detected widespread …
Read More »New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries
In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover. Initial samples mostly came from test campaigns, with a few live campaigns observed. Croco-bonus – Get Free Malware! Initial Crocodilus samples indicated operations in Europe, primarily focusing on Turkey. Recently, …
Read More »Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks
Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being actively exploited in targeted attacks. The company reported two major flaws (CVE-2025-21479 and CVE-2025-21480) identified by the Google Android Security team in late January, and a third serious vulnerability (CVE-2025-27038) …
Read More »Critical RCE Flaw Patched in Roundcube Webmail
Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher firs0v, the issue has been addressed in the latest updates for the 1.6 and 1.5 LTS versions. The security update addresses a post-authentication RCE vulnerability caused by PHP object deserialization. …
Read More »
CVE-2023-39780
Botnet hacks thousands of ASUS routers
GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to be part of a covert effort to create a network of backdoor devices, possibly aiming to establish a botnet in the future. The tactics in this campaign—sneaky initial access, using …
Read More »Bangladesh Bank instructed using AI to prevent online gambling
The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central bank has implemented strict measures to curb these activities. On Wednesday, May 28, the Payment Systems Department of Bangladesh Bank instructed all banks and financial institutions to enhance monitoring of …
Read More »
InfoSecBulletin Cybersecurity for mankind