F5 has warned of a vulnerability in NGINX, a widely used web server software. The issue, known as CVE-2025-23419, could let attackers bypass client certificate authentication and gain unauthorized access to sensitive resources. When name-based virtual hosts are configured to share the same IP address and port combination, with TLS …
Read More »(CVE-2025-23419)
Ransomware payments statistics for 2024, a drop of 35%
Ransomware payments dropped by 35% last year compared to 2023, despite an increase in the number of attacks, according to a new report from Chainalysis. Despite claims from cybersecurity firms that ransomware activity peaked in 2024, there has been a significant drop in extortion payments. Chainalysis also noted in its …
Read More »US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total cost of roughly $30. The news raises questions about whether developing advanced AI requires huge budgets or if cheaper alternatives have been ignored by major tech companies. DeepSeek recently launched …
Read More »Microsoft to boost M365 bounty program rewards Up to $27,000
Microsoft has announced a major expansion of its Microsoft 365 Bounty Program. The program now covers new Viva products for identifying vulnerabilities, offering rewards up to $27,000 for critical submissions. This update highlights Microsoft’s commitment to improving software security and promoting global collaboration in finding vulnerabilities. The expanded scope introduces …
Read More »DeepSeek reveils over 1 million chat records; Italy Bans DeepSeek
Chinese AI startup DeepSeek has exposed two databases with sensitive user and operational information from its DeepSeek-R1 LLM model. Unsecured ClickHouse instances are believed to have exposed over a million log entries that include user chat histories in plaintext, along with API keys, backend information, and operational metadata. Wiz Research …
Read More »Microsoft brings DeepSeeK to Azure AI Foundry and GitHub
Microsoft has added DeepSeek’s R1 AI model to its Azure AI Foundry platform and GitHub. This lets customers easily integrate the R1 model into their AI applications. R1 is gaining attention for being trainable at a much lower cost than top AI models like those from OpenAI. DeepSeek’s R1 model …
Read More »Hackers leverage Google’s subdomains, phone number to attack victims
Scammers called a victim using Google’s official support number and sent an email from an official subdomain. It’s unclear how they managed to use Google’s services. Software engineer Zach Latta, founder of Hack Club, reported a unique attack on GitHub. Chloe called Latta from 650-203-0000, identified as “Google.” According to …
Read More »“FirePass” starts its operation in Bangladesh officially
FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class technology for Bangladesh. What is FirePass? FirePass, a fire prevention and suppression system. FirePASS® Corporation was established in 2001 in New York U.S.A. after the Phenomenon of ignition suppression in …
Read More »PoC Exploit Released for TP-Link Router XSS Vuln
A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is a flaw in firmware version 1.0.6 Build 20231011 rel.85717(5553) that lets attackers run arbitrary JavaScript code via the router’s web interface, posing a risk of exploitation. Discovery of the Vulnerability: …
Read More »Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes
PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This update features major improvements to the Burp Intruder module, HTTP response analysis, and interaction management, as well as a browser upgrade and bug fixes. Auto-Pause Intruder Attacks: A key feature …
Read More »
InfoSecBulletin Cybersecurity for mankind