QNAP has urgently advised users and released patches for seven zero-day vulnerabilities exploited during the Pwn2Own Ireland 2025 competition, affecting their NAS devices. These patches address critical flaws in the core operating systems and key applications, such as backup and malware removal tools. Top security research teams, including Summoning Team, …
Read More »DDoS Scandals Hit Bangladesh ISP Sector: BTRC Prepares Crackdown
The government and Bangladesh Telecommunication Regulatory Commission (BTRC) have received credible information that some companies of Bangladesh Internet Service Providing (ISP) sector are trying to destroy the networks and businesses of rival ISPs through DDoS (Distributed Denial of Service) attacks organized from abroad according to Faiz Ahmad Taiyeb adviser (Ministry …
Read More »Hacker claims breach of HSBC USA: Including Financial Details
A hacker claims to breach HSBC USA and alleges to possess a large database of sensitive customer personal information and financial details. The hacker shared screenshots and data samples on a dark web forum, claiming that the breach was a result of coordinated efforts to access the bank’s records. The …
Read More »DomeWatch leak exposed Capitol Hill applicants’ personal data
Thousands of Americans’ personal job-seeking details were publicly exposed because of an unsecured database linked to the House Democrats’ Official Online Resume Bank, DomeWatch.us. The security lapse was brought to light by the research firm Safety Detectives, after an anonymous cybersecurity researcher reported to them about an “unencrypted and non-password-protected …
Read More »
Check Point Research: "YouTube Ghost Network"
Hacker Used Over 3,000 Malicious Videos to Spread Infostealer Malware
A report reveals that over 3,000 malicious YouTube videos were used to spread infostealer malware. Check Point Research has named a major malware operation the “YouTube Ghost Network.” It uses fake YouTube accounts to spread infostealer malware like Rhadamanthys and Lumma. Game hacks and cheats and software cracks and piracy …
Read More »ALERT: APT Mysterious Elephant actively target Bangladesh
Mysterious Elephant is an active APT group identified by Kaspersky GReAT in 2023. It continually evolves its tactics to avoid detection. The group’s recent campaign, starting in early 2025, shows a notable change in their tactics, focusing more on new custom tools and open-source tools like BabShell and MemLoader. The …
Read More »MCP Server Flaw Exposes 3,000+ Servers and Thousands of API Keys
A critical vulnerability was discovered in Smithery.ai, a well-known registry for Model Context Protocol (MCP) servers. This flaw could have let hackers steal data from over 3,000 AI servers and access API keys of thousands of users. MCP connects AI apps to external tools and data, such as local files …
Read More »Credit Card Payment Terminal Exploited for Remote Access
A security researcher has unveiled a major vulnerability in a popular payment terminal that could allow attackers to take full control of the device in less than a minute. The Worldline Yomani XR model is used in grocery stores, cafes, repair shops, and various businesses in Switzerland. The terminal’s maintenance …
Read More »SonicWall Confirms Hackers Access All Cloud Firewall Backups
After its investigation in collaboration with leading IR Firm, Mandiant into the scope of a recent cloud backup security incident, SonicWall confirm that an unauthorized party accessed firewall configuration backup files for all customers who have used SonicWall’s cloud backup service. The files contain encrypted credentials and configuration data; while …
Read More »Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. ICS files, or iCalendar files, store plain text calendar information, like meetings and events, and allow exchange between different calendar apps. Threat actors …
Read More »
InfoSecBulletin Cybersecurity for mankind