According to the Shadowserver Foundation, around 17,000 Fortinet devices worldwide have been compromised using a new technique called “symlink”. This number has increased from the initial 14,000 and is expected to rise as investigations continue. The attack takes advantage of known vulnerabilities in Fortinet’s FortiGate devices. After gaining access, the threat …
PwC exits more than a dozen countries in push to avoid scandals: FT reports
PwC has ceased operations in more than a dozen countries that its global bosses have deemed too small, risky or unprofitable, as it seeks to avoid a repeat of scandals that have plagued the accounting network. The Big Four accounting firm, which operates as a global network of locally owned …
Australian Cyber Security Centre Alert for Fortinet Products
The Australian Cyber Security Centre (ACSC) has alerted technical users in both the private and public sectors to ongoing exploitation of previously known vulnerabilities in Fortinet products, following a new advisory highlighting that exploitation. Organizations are urged to take immediate action. Fortinet has detected that attackers are exploiting …
Top 10 Malware Threats of the Week: Reports ANY.RUN
Cybersecurity platform ANY.RUN recently reported the top 10 malware threats of the week, highlighting a surge in activity for information stealers Lumma and Snake. The findings shared in a detailed post on X highlight the changing nature of cyber threats and the need for proactive tracking to reduce risks. Lumma …
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
RamiGPT is an AI security tool that targets root accounts. Using PwnTools and OpwnAI, it quickly navigated privilege escalation scenarios on various VulnHub systems, achieving root access in under a minute. Configuration: Setting Up Your OpenAI API Key: To use RamiGPT, you need an OpenAI API key. Here’s how to …
WhatsApp patched zero-click flaw exploited in spyware attacks
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware following reports from security researchers at the University of Toronto’s Citizen Lab. The company addressed the attack vector late last year “without the need for a client-side fix” and decided not to assign a CVE-ID after “reviewing …
Sleeping Beauty
Researchers Bypassed CrowdStrike Falcon Sensor partially
SEC Consult researchers found a vulnerability in CrowdStrike’s Falcon Sensor, enabling attackers to evade detection and run malicious applications. The vulnerability, dubbed “Sleeping Beauty”, was reported to CrowdStrike in late 2023 but was dismissed as just a “detection gap.” The technique involved suspending the EDR processes instead of stopping them, …
Singapore issues new guidelines for data center and cloud services
The Infocomm Media Development Authority (IMDA) of Singapore has unveiled advisory guidelines to reduce occurrences of disruptions to cloud services and data centers. These guidelines will help cloud service providers and data centers improve their security and ensure continuity by assessing risks and planning for incidents. GUIDELINES FOR CLOUD SERVICES …
Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns
Qualcomm’s March 2025 Security Bulletin addresses vulnerabilities in its products, including automotive systems, mobile chipsets, and networking devices. It includes fixes for critical issues like memory corruption and input validation flaws. Critical vulnerabilities have been identified in automotive systems, particularly affecting the QNX operating system (CVE-2024-53012, CVE-2024-53022, CVE-2024-53029, CVE-2024-53030, CVE-2024-53031, …
FinStealer Malware Targets Indian Bank’s Mobile Users, Stealing Credentials
CYFIRMA analysis reveals a sophisticated malware campaign that exploits a major Indian bank’s brand through fake mobile apps. These apps, distributed via phishing links and social engineering, closely resemble the real bank apps, deceiving users into sharing their credentials and personal information. The malware uses advanced techniques, such as encrypted …