SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked by a contracted outsourcing firm. In response, the company intends to end its contract with the provider and will collaborate with the police to assess future actions. SoftBank announced that …
Read More »
A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world are exposed, broadcasting live footage without user consent or basic security. “Most times, all that an attacker needs to spy on homes or even large organizations is just a web browser and the right IP …
Read More »
More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that comes with an available public exploit. The flaw in Roundcube (versions 1.1.0 to 1.6.10) was discovered by Kirill Firsov and was patched on June 1, 2025. The bug stems from …
Read More »
The Security Intelligence and Response Team (SIRT) at Akamai has found that multiple Mirai-based botnets are exploiting CVE-2025-24016, a critical RCE vulnerability in Wazuh servers. This flaw, which has a CVSS score of 9.9, allows remote attackers to execute arbitrary Python code through unsanitized JSON inputs in the Wazuh Distributed …
Read More »
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over …
Read More »
Cisco fixed a critical vulnerability in the Identity Services Engine (ISE) that could let unauthorized attackers carry out harmful actions. The vulnerability, CVE-2025-20286 (CVSS score 9.9), affects Cisco ISE on AWS, Microsoft Azure, and Oracle Cloud. It allows unauthenticated remote attackers to access sensitive data, perform basic admin tasks, modify …
Read More »
Cybersecurity researcher Jeremiah Fowler discovered an unprotected database with 3,637,107 records likely from a no-code app-building platform. The unprotected database, totaling 12.2 TB and containing 3,637,107 records, included internal files, images, and spreadsheets labeled “users” and “invoices.” These documents featured names, emails, physical addresses, and payment details for users and …
Read More »
As Bangladesh prepares for the extended Eid-ul-Adha holidays, the BGD e-GOV Computer Incident Response Team (CIRT) has issued an urgent cybersecurity alert, warning of heightened cyber threats due to reduced monitoring and operational oversight during the festive period. Current Threat Landscape: The CIRT’s Cyber Threat Intelligence Unit has detected widespread …
Read More »
A hacker known as “303” claim to breach the company’s systems and leaked sensitive internal data on a dark web forum. The reported breach involves GitHub credentials and source code from Deloitte’s U.S. consulting division’s internal project repositories. Medium reports, “On May 30, 2025, Deloitte, a leading global consulting firm, …
Read More »
Cybersecurity researchers recently revealed a coordinated cloud-based scanning attack that targeted 75 different exposure points earlier this month. On May 8, 2025, GreyNoise observed activity from 251 malicious IP addresses located in Japan and hosted by Amazon. “These IPs triggered 75 distinct behaviors, including CVE exploits, misconfiguration probes, and recon …
Read More »
InfoSecBulletin Cybersecurity for mankind