InfoSecBulletin Cybersecurity for mankind
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these flaws are being actively exploited, CISA has not shared specific details about the attacks or the perpetrators.
CVE-2023-20118 allows attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, and RV325 VPN routers. Cisco acknowledged this vulnerability in an advisory published in January 2023, which was updated a year later, noting that its Product Security Incident Response Team (PSIRT) is aware of publicly available proof-of-concept exploit code for CVE-2023-20025.
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.comโs domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
Registration open for โ๐๐๐ ๐๐๐๐๐ ๐๐๐๐๐ ๐๐๐๐โ
Samsung phone is saving your passwords in plain text
The second security bug (CVE-2018-8639) is a Win32k privilege escalation flaw. Local attackers logged into a vulnerable Windows system can exploit it to run arbitrary code in kernel mode, allowing them to alter data or create unauthorized accounts with full user rights.
According to a Microsoft security advisory from December 2018, this vulnerability affects both client (Windows 7 and later) and server (Windows Server 2008 and above) platforms.
CISA has added two vulnerabilities to its Known Exploited Vulnerabilities catalog, identifying them as used in attacks. According to the Binding Operational Directive (BOD) 22-01 from November 2021, Federal Civilian Executive Branch agencies must secure their networks against these threats within three weeks, by March 23.
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA said.
Microsoft and Cisco haven’t updated their security advisories after CISA identified two vulnerabilities as being actively exploited while publishing the report.
Qualcommโs March 2025 Security Bulletin Highlights Major Vulns
