A serious security vulnerability, CVE-2025-23369, has been found in GitHub Enterprise Server (GHES) that lets attackers bypass SAML authentication and impersonate user accounts. This vulnerability takes advantage of specific anomalies in the libxml2 library employed in SAML response validation, allowing unauthorized access to accounts, even those with administrative rights. The …
Read More »CVE-2025-23369
Using 2.8 millions IPs, massive brute attack ongoing
The Shadowserver Foundation reports that a brute force attack has been active since last month, using nearly 2.8 million IP addresses each day attempting to guess the credentials for a wide range of networking devices. A brute force attack occurs when attackers repeatedly try different usernames and passwords to access …
Read More »The Surge and Consequences of Romance Scams in 2024
Romance scams involve scammers creating fake profiles on online platforms to deceive people seeking love. They use attractive photos and pretend to have trustworthy jobs, like aid workers or military personnel, to attract victims. Scammers create elaborate lies to gain victims’ trust after meeting on social media, dating sites, or …
Read More »Cisco Patches Critical Identity Services Engine (ISE) Vulnerabilities
Cisco has updated its Identity Services Engine (ISE) to fix two critical security flaws that could let remote attackers execute arbitrary commands and gain elevated privileges on affected devices. The vulnerabilities are listed below: CVE-2025-20124 (CVSS score: 9.9): A vulnerability in a Cisco ISE API that allows an authenticated attacker …
Read More »CISA Adds 4 Actively Exploited Vuls to KEV Catalog
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list of vulnerabilities is as follows: CVE-2024-45195 (CVSS score: 7.5/9.8) – (A vulnerability in Apache OFBiz that lets a remote attacker gain unauthorized access and run code on the server, fixed …
Read More »Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts
Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers. …
Read More »Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104
Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, …
Read More »
CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow an attacker to escalate their privileges. The flaws are listed below: CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face …
Read More »
CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild
Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series devices, known as CVE-2024-40891. The critical, unpatched vulnerability has left more than 1,500 devices worldwide at risk, according to Censys. About the Vulnerability – CVE-2024-40891: CVE-2024-40891 is a vulnerability that lets …
Read More »DeepSeek Hit by massive Cyber Attack, Limits Registrations
DeepSeek, a Chinese AI startup that recently surpassed OpenAI’s ChatGPT as the top free app on Apple’s App Store in the U.S., is experiencing a major cyber attack and has limit new user registrations. Founded in 2023, DeepSeek has rapidly become a strong contender in the AI industry, specializing in …
Read More »
InfoSecBulletin Cybersecurity for mankind