ALERT
CISA Adds Microsoft SharePoint Vulnerability to KEV

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) included a Microsoft SharePoint Server vulnerability in its list of known exploited vulnerabilities due to signs of active use by attackers.

CVE-2023-24955 is a critical flaw that lets a user with Site Owner access run any code they choose.

• International

First couple “Rosie” to conceive using AI tech “STAR” successfully

By infosecbulletin / Sunday , June 29 2025

Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...

Read More

• Alert
• Cyber Attack

Scattered Spider Actively Attacking Aviation and Transportation: FBI

By infosecbulletin / Saturday , June 28 2025

Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...

Read More

• Alert
• Hot Topic
• International

Russia’s restrictions on Cloudflare making websites inaccessible

By F2 / Saturday , June 28 2025

Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...

Read More

• Cyber Attack
• Data Breach

61 million Verizon records allegedly posted online for sale

By infosecbulletin / Saturday , June 28 2025

A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...

Read More

• Hot Topic

Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

By infosecbulletin / Friday , June 27 2025

A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly sending hoax bomb threats. She...

Read More

• Alert
• Vulnerabilities

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

By infosecbulletin / Friday , June 27 2025

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector...

Read More

• Alert
• Vulnerabilities

CISA Warns of FortiOS Hard-Coded Credentials Vulns

By F2 / Thursday , June 26 2025

CISA warns about a serious vulnerability in Fortinet FortiOS that threatens network security. CISA included CVE-2019-6693 in its Known Exploited...

Read More

• Alert
• Vulnerabilities

5 vendors’ printer totaling 748 models affected: Rapid7

By F2 / Thursday , June 26 2025

Rapid7 has revealed serious vulnerabilities in multifunction printers (MFPs) from Brother, FUJIFILM, Ricoh, and Toshiba Tec Corporation. These findings, covering...

Read More

• Alert
• Vulnerabilities

Citrix Released Emergency Patches for Actively Exploited CVE-2025-6543

By infosecbulletin / Wednesday , June 25 2025

Citrix has issued security updates for a critical vulnerability in NetScaler ADC that has been actively exploited. The vulnerability CVE-2025-6543...

Read More

• Alert
• Vulnerabilities

SonicWall warns of a trojanized NetExtender stealing VPN logins

By F2 / Wednesday , June 25 2025

SonicWall warned on Monday that unknown attackers have trojanized its SSL-VPN NetExtender application, tricking users into downloading it from fake...

Read More

“In a network-based attack, an authenticated attacker as a Site Owner could execute code remotely on the SharePoint Server,” Microsoft said in an advisory. Microsoft fixed the flaw in its May 2023 Patch Tuesday updates.

More than two months ago, CISA added CVE-2023-29357, a privilege escalation flaw in SharePoint Server, to its KEV catalog.

Microsoft previously told “customers who have enabled automatic updates and enable ‘Receive updates for other Microsoft products’ option within their Windows Update settings are already protected.”

Federal agencies must implement these security updates by April 16, 2024, to protect their systems.