InfoSecBulletin Cybersecurity for mankind
As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit of BGD e-GOV CIRT has identified several web-based attacks, especially during non-office hours and holidays. Common attack methods include SSH brute force, SQL injection, PHP CGI-bin exploits, and directory traversal attacks, all seeking unauthorized access.
In the past week, several cyberattacks targeting Bangladesh have been reported. Notably, 26,887 IP addresses were found to have exposed vulnerabilities, raising the risk of exploitation.
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
CISA adds Langflow flaw to its KEV catalog
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
CIRT advises all organizations in Bangladesh to implement the following measures to strengthen the security of their infrastructure:
Maintain 24/7 monitoring of systems and networks.
Keep security tools like SIEM, IDS/IPS, and WAF active for threat detection.
Use only approved VPNs and MFA for remote access.
Restrict connections from public or unsecured networks.
Prohibit outdated or unpatched software.
Ensure secure backups for critical data and prepare for disaster recovery.
Limit access, especially during holidays, and disable unused or temporary accounts.
Report incidents to relevant cybersecurity authorities, including detection of IOCs.
Micropatches released for Windows zero-day leaking NTLM hashes
