Tuesday , March 4 2025
Windows

CISA adds Cisco and Windows vulns as actively exploited

infosecbulletin 17 seconds ago Alert, Vulnerabilities

CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these flaws are being actively exploited, CISA has not shared specific details about the attacks or the perpetrators.

CVE-2023-20118 allows attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. Cisco acknowledged this vulnerability in an advisory published in January 2023, which was updated a year later, noting that its Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2023-20025.

CISA adds Cisco and Windows vulns as actively exploited

By infosecbulletin / Tuesday , March 4 2025
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these...
Read More
CISA adds Cisco and Windows vulns as actively exploited

10 New Vulnerabilities Discovered in MediaTek Chipsets

By infosecbulletin / Monday , March 3 2025
MediaTek has released its March 2025 Product Security Bulletin, which highlights new security vulnerabilities affecting various chipsets in smartphones, tablets,...
Read More
10 New Vulnerabilities Discovered in MediaTek Chipsets

Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns

By infosecbulletin / Monday , March 3 2025
Qualcomm's March 2025 Security Bulletin addresses vulnerabilities in its products, including automotive systems, mobile chipsets, and networking devices. It includes...
Read More
Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns

Cyberattack detected at Polish space agency, minister says

By infosecbulletin / Monday , March 3 2025
On Sunday, Poland Minister for Digitalisation Krzysztof Gawkowski said that Polish cybersecurity services found unauthorized access to the IT infrastructure...
Read More
Cyberattack detected at Polish space agency, minister says

Nearly 12,000 API Keys and Passwords Found in Public Datasets

By infosecbulletin / Monday , March 3 2025
Security researchers found that datasets used by companies to develop large language models included API keys, passwords, and other sensitive...
Read More
Nearly 12,000 API Keys and Passwords Found in Public Datasets

Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit

By infosecbulletin / Sunday , March 2 2025
Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where officials used a zero-day exploit from Cellebrite to unlock...
Read More
Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit

DragonForce Ransomware Targets Saudi Company, 6TB Data Stolen

By infosecbulletin / Saturday , March 1 2025
DragonForce ransomware targets organizations in Saudi Arabia. An attack on a major Riyadh real estate and construction firm led to...
Read More
DragonForce Ransomware Targets Saudi Company, 6TB Data Stolen

Microsoft Uncovers Hackers Selling Illegal Azure AI Access

By infosecbulletin / Saturday , March 1 2025
Microsoft has filed an amended complaint in recent civil litigation, naming the main developers of malicious tools that bypass the...
Read More
Microsoft Uncovers Hackers Selling Illegal Azure AI Access

By 2025, India’s First Semiconductor Chip to be ready

By infosecbulletin / Friday , February 28 2025
At the Global Investors Summit 2025, Union Minister Ashwini Vaishnaw announced that India’s first indigenous semiconductor chip will be ready...
Read More
By 2025, India’s First Semiconductor Chip to be ready

CVE-2025-20111
Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

By infosecbulletin / Thursday , February 27 2025
Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash...
Read More
CVE-2025-20111 Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

The second security bug (CVE-2018-8639) is a Win32k privilege escalation flaw. Local attackers logged into a vulnerable Windows system can exploit it to run arbitrary code in kernel mode, allowing them to alter data or create unauthorized accounts with full user rights.

According to a Microsoft security advisory from December 2018, this vulnerability affects both client (Windows 7 and later) and server (Windows Server 2008 and above) platforms.

CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, identifying them as used in attacks. According to the Binding Operational Directive (BOD) 22-01 from November 2021, Federal Civilian Executive Branch agencies must secure their networks against these threats within three weeks, by March 23.

“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.

Microsoft and Cisco haven’t updated their security advisories after CISA identified two vulnerabilities as being actively exploited while publishing the report.

Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns

Check Also

Infostealer

HaveIBeenPwned Added 244 Million Passwords Stolen By Infostealers

A breach notification site has added millions of new passwords and email addresses obtained from …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin