InfoSecBulletin Cybersecurity for mankind
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these flaws are being actively exploited, CISA has not shared specific details about the attacks or the perpetrators.
CVE-2023-20118 allows attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. Cisco acknowledged this vulnerability in an advisory published in January 2023, which was updated a year later, noting that its Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2023-20025.
Check Point said BreachForum post old data
Apple Warns of 3 Zero Day Vulns Actively Exploited
24,000 unique IP attempted to access Palo Alto GlobalProtect portals
CVE-2025-1268
Patch urgently! Canon Fixes Critical Printer Driver Flaw
Within Minute, RamiGPT To Escalate Privilege Gaining Root Access
Australian fintech database exposed in 27000 records
Over 200 Million Info Leaked Online Allegedly Belonging to X
FBI investigating cyberattack at Oracle, Bloomberg News reports
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
The second security bug (CVE-2018-8639) is a Win32k privilege escalation flaw. Local attackers logged into a vulnerable Windows system can exploit it to run arbitrary code in kernel mode, allowing them to alter data or create unauthorized accounts with full user rights.
According to a Microsoft security advisory from December 2018, this vulnerability affects both client (Windows 7 and later) and server (Windows Server 2008 and above) platforms.
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, identifying them as used in attacks. According to the Binding Operational Directive (BOD) 22-01 from November 2021, Federal Civilian Executive Branch agencies must secure their networks against these threats within three weeks, by March 23.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
Microsoft and Cisco haven’t updated their security advisories after CISA identified two vulnerabilities as being actively exploited while publishing the report.
Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns
