Friday , July 10 2026

Alert

CISA Issues Seven Advisories for Industrial Control Systems (ICS)

ICS

On June 5, 2025, CISA released seven advisories regarding Industrial Control Systems (ICS) that highlight current security issues, vulnerabilities, and exploits. ICSA-25-155-01 CyberData 011209 SIP Emergency Intercom ICSA-25-155-02 Hitachi Energy Relion 670, 650 series and SAM600-IO Product ICSA-21-049-02 Mitsubishi Electric FA Engineering Software Products (Update H) ICSA-25-133-02 Hitachi Energy Relion …

Read More »

Fortinet flaws now exploited in Qilin ransomware attacks

Qilin ransomware

The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over …

Read More »

Critical Cisco ISE flaw impacts cloud deployments on AWS, Microsoft Azure, and OCI

ISE

Cisco fixed a critical vulnerability in the Identity Services Engine (ISE) that could let unauthorized attackers carry out harmful actions. The vulnerability, CVE-2025-20286 (CVSS score 9.9), affects Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud. It allows unauthenticated remote attackers to access sensitive data, perform basic admin tasks, modify …

Read More »

ALERT
Thousands of IP addresses compromised nationwide: CIRT warn

warn

As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent cybersecurity alert, warning of heightened cyber threats due to reduced monitoring and operational oversight during the festive period. Current Threat Landscape: The CIRT’s Cyber Threat Intelligence Unit has detected widespread …

Read More »

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover. Initial samples mostly came from test campaigns, with a few live campaigns observed. Croco-bonus – Get Free Malware! Initial Crocodilus samples indicated operations in Europe, primarily focusing on Turkey. Recently, …

Read More »

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

Qualcomm

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being actively exploited in targeted attacks. The company reported two major flaws (CVE-2025-21479 and CVE-2025-21480) identified by the Google Android Security team in late January, and a third serious vulnerability (CVE-2025-27038) …

Read More »

Critical RCE Flaw Patched in Roundcube Webmail

roundcube webmail

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher firs0v, the issue has been addressed in the latest updates for the 1.6 and 1.5 LTS versions. The security update addresses a post-authentication RCE vulnerability caused by PHP object deserialization. …

Read More »

CVE-2023-39780
Botnet hacks thousands of ASUS routers

ASUS routers

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to be part of a covert effort to create a network of backdoor devices, possibly aiming to establish a botnet in the future. The tactics in this campaign—sneaky initial access, using …

Read More »