Uncategorized

Recent incidents continue to bring this into focus with active exploitations of known vulnerabilities as investigations by Fortinet have discovered a post exploitation technique used by a threat actor. During the investigation, a threat actor was observed using known vulnerabilities (e.g. FG-IR-22-398, FG-IR-23-097, FG-IR-24-015) to gain access to Fortinet devices. …

In its April 2025 security update, Google patched 62 vulnerabilities in Android, including two zero-days used in targeted attacks. Among the 62 fixed vulnerabilities, most are high-severity elevation of privilege flaws, and two are zero-day vulnerabilities that hackers can easily exploit. CVE-2024-43197 is a critical privilege escalation flaw in the …

Apple has issued an urgent security advisory about 3 critical zero-day vulnerabilities—CVE-2025-24200, CVE-2025-24201, and CVE-2025-24085—that are being actively exploited in advanced attacks. Multiple Apple devices, including iPhones, iPads, and Macs, are affected by these vulnerabilities. Users should update their devices right away to reduce security risks. Significant Vulnerabilities Under Active …

Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4 million). On March 25, the National Cyber Security Agency (Nacsa) and Malaysia Airports Holdings Berhad (MAHB) announced a cyber-security threat targeting some computer systems at KLIA on March 23. “A …

Microsoft’s March 2025 Patch Tuesday update fixes 57 flaws, including seven zero-day exploits, six of which are actively being exploited. Notably, CVE-2025-24983 is a critical use-after-free flaw in the Windows Win32 Kernel Subsystem linked to the “PipeMagic” backdoor. This update is essential for IT and security professionals as it addresses …

On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize “AI ENGINEERING HACKATHON”. The prize money for the winners of the hackathon will be a total of 3,50,000 taka! There will be free training sessions, attractive gifts and certificates for all participants in the competition. …

Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely. Webex for BroadWorks combines Cisco Webex’s video conferencing and collaboration tools with the BroadWorks unified communications platform. Cisco has not assigned a CVE ID for a security issue but announced …

NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw (CVE-2024-0114, CVSS 8.1) allows unauthorized code execution, privilege escalation, and data compromise. A medium-severity vulnerability (CVE-2024-0141, CVSS 6.8) in the GPU vBIOS layer The vulnerabilities could enable denial-of-service attacks through …

Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where officials used a zero-day exploit from Cellebrite to unlock a student activist’s Android phone. On December 25, 2024, an attack used flaws in Linux kernel USB drivers to bypass the lock screen on a Samsung Galaxy A32. Forensic analysis …

DragonForce ransomware targets organizations in Saudi Arabia. An attack on a major Riyadh real estate and construction firm led to the theft of more than 6TB of sensitive data. Resecurity’s new advisory reports that threat actors announced a breach on February 14, 2025, demanding ransom before releasing stolen information. The …