The FBI warns about the Kali365 phishing platform (PhaaS). It is used to take over Microsoft 365 accounts by misusing OAuth device code authentication to steal session tokens and get around multi-factor authentication (MFA). Kali365 appeared in April 2026, as per the FBI PSA. It is shared through Telegram channels …
Read More »Malware Surge Hits Bangladesh: 55+ Strains Detected; 160+ Actively Spreading
More than 55 different types of malware were found last week, and over 160 malware types are spreading in Bangladesh. Some notable malware groups are Android.BadBox2, Android.Vo1d, Avalanche-Andromeda, and Mirai. This shows that both mobile devices and IoT systems are still being targeted. The malware strains targeted Bangladesh’s cyber landscape …
Read More »
ALERT
Trend Micro warns of zero-day exploit in Apex One: CISA adds to KEV
Trend Micro has fixed a security hole in Apex One that was used in attacks on Windows systems. Tracked as CVE-2026-34926, a directory traversal vulnerability in the Apex One (on-premise) server which could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to …
Read More »NYC hospital breach exposesd 1.8 million fingerprints, medical records
A big data breach has put the personal information of at least 1.8 million patients at risk. Hackers were in the healthcare network for months from November last year to February. They quietly copied very sensitive files before anyone found out. The stolen data includes medical records, payment info, ID …
Read More »GitHub Internal Source Code Repo Compromised via malicious VSCode extension
GitHub said that about 3,800 internal repositories were hacked because of installing a harmful VS code extension by an employee. “Yesterday we detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response …
Read More »Hackers Exploit Entra ID Accounts to Steal Microsoft 365, Azure Data
Hackers misuse Microsoft Entra ID accounts to steal data from Microsoft 365 and Azure. A very advanced cyberattack by a group called Storm-2949 is aiming at Microsoft Entra ID accounts to take sensitive data from Microsoft 365 and Azure. Storm-2949 used real cloud management tools to get deep access to …
Read More »
CIRT ALERT
New AsyncRAT malware campaign detected in Bangladesh cyber space
BGD e-GOV CIRT found a cyber-attack campaign using AsyncRAT (Asynchronous Remote Access Trojan) aimed at Bangladesh. Threat analysis shows that the website ck44jili[.]com is a main Control Center (C2) for the AsyncRAT malware. The campaign mixes malware, remote access, and fake financial tricks. Attackers hide harmful files as real software …
Read More »NVIDIA reports GeForce NOW breach affecting Armenian users
BleepingComputer reported NVIDIA has confirmed in a statement that GeForce NOW user information has been exposed in a data breach. The big gaming and hardware company said the effect is only in Armenia and happened because a regional partner’s system was compromised. The company added that its own network was …
Read More »Trellix Confirm Source Code repository Breach
Trellix reported a security flaw that impacted part of its source code repository, but the company states there is no evidence of code being used wrongly. It quickly started a probe with experts and informed the law enforcement agency. “Trellix recently identified unauthorized access to a portion of our source …
Read More »Hacker claims to steal Standard Bank 1.2TB data
A hacker claimed that 1.2TB of private data stolen from Standard Bank, including client credit card details, will be shared online in stages. The bank, the largest in South Africa by assets, was breached in late February, with the hacker known as “ROOTBOY” claiming that they spent “just over three …
Read More »
InfoSecBulletin Cybersecurity for mankind