Since November 14, 2025, hackers launched over 2.3 million attacks on Palo Alto Networks’ GlobalProtect VPN portals, as reported by GreyNoise. A 40-fold increase in activity within 24 hours marks the highest level in 90 days, indicating rising risks to global remote access systems. Attacks aim at the /global-protect/login.esp URI …
Read More »
Fortinet warned on Friday about a vulnerability in FortiWeb that lets remote, unauthenticated attackers gain admin access to web application firewalls. The bug, labeled CVE-2025-64446 with a CVSS score of 9.1, is a path traversal vulnerability, allowing attackers to run admin commands through specially crafted HTTP or HTTPS requests. Fortinet noted, …
Read More »
Ransomware attacks rose 30% in October, reaching the second-highest total ever. With 623 attacks, October’s count was only behind February 2025, when a CL0P MFT campaign led to 854 attacks. This marks the sixth straight month of rising ransomware incidents, as stated in Cyble’s blog. Qilin was the most active …
Read More »
Wiz, a cloud security company, analyzed GitHub repositories of major AI firms and discovered that many had leaked verified secrets that could reveal sensitive information. Leaked secrets are typically found by GitHub’s scanners, repository owners’ scans, and third-party automated scans for marketing. The cloud security firm aimed for a new …
Read More »
Amazon’s threat intelligence team discovered that attacker exploiting previously undisclosed zero-day vulnerabilities in Cisco Identity Service Engine (ISE) and Citrix systems. This campaign utilized custom malware and showed access to various hidden vulnerabilities, indicating a trend where attackers target essential identity and network access controls. Amazon’s MadPot honeypot service identified …
Read More »
QNAP has urgently advised users and released patches for seven zero-day vulnerabilities exploited during the Pwn2Own Ireland 2025 competition, affecting their NAS devices. These patches address critical flaws in the core operating systems and key applications, such as backup and malware removal tools. Top security research teams, including Summoning Team, …
Read More »
The government and Bangladesh Telecommunication Regulatory Commission (BTRC) have received credible information that some companies of Bangladesh Internet Service Providing (ISP) sector are trying to destroy the networks and businesses of rival ISPs through DDoS (Distributed Denial of Service) attacks organized from abroad according to Faiz Ahmad Taiyeb adviser (Ministry …
Read More »
A hacker claims to breach HSBC USA and alleges to possess a large database of sensitive customer personal information and financial details. The hacker shared screenshots and data samples on a dark web forum, claiming that the breach was a result of coordinated efforts to access the bank’s records. The …
Read More »
Thousands of Americans’ personal job-seeking details were publicly exposed because of an unsecured database linked to the House Democrats’ Official Online Resume Bank, DomeWatch.us. The security lapse was brought to light by the research firm Safety Detectives, after an anonymous cybersecurity researcher reported to them about an “unencrypted and non-password-protected …
Read More »
A report reveals that over 3,000 malicious YouTube videos were used to spread infostealer malware. Check Point Research has named a major malware operation the “YouTube Ghost Network.” It uses fake YouTube accounts to spread infostealer malware like Rhadamanthys and Lumma. Game hacks and cheats and software cracks and piracy …
Read More »
InfoSecBulletin Cybersecurity for mankind