CISA Adds One Known Exploited Vulnerability to Catalog

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

CVE-2023-22527 Atlassian Confluence Data Center and Server Template Injection Vulnerability

• International

Palo Alto Networks to Acquire AI Security Firm “Protect AI”

By infosecbulletin / Tuesday , April 29 2025

On Monday, Palo Alto Networks confirmed it is acquiring the US-based AI security company Protect AI. Protect AI has created...

Read More

• Alert

CISA Releases Seven ICS Advisories

By infosecbulletin / Monday , April 28 2025

On April 24, 2025, CISA published seven advisories addressing security issues, vulnerabilities, and exploits related to Industrial Control Systems (ICS)....

Read More

• International

India Launches First Quantum Computing Village in Amaravati

By infosecbulletin / Monday , April 28 2025

India has taken a monumental stride toward next-generation technology by initiating its first Quantum Computing Village, a state-of-the-art project in...

Read More

• Alert
• Vulnerabilities

400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks

By infosecbulletin / Monday , April 28 2025

Shadow servers found 454 vulnerable SAP NetWeaver systems at risk from a critical zero-day exploit currently being used in attacks....

Read More

• Event

30 Teams Qualify for Online Preliminary Round At UAP CTF Contest

By infosecbulletin / Monday , April 28 2025

Blind_Virus, DU_Featherless_Bipeds and Hidden investigations team secure the 1st , 2nd and 3rd positions accordingly for online preliminary round at...

Read More

• Alert
• Vulnerabilities

CVE-2025-43859
Request Smuggling Vulnerability in Python’s h11 HTTP Library

By infosecbulletin / Sunday , April 27 2025

A critical vulnerability tracked as CVE-2025-43859 has been disclosed in h11, a minimalist, I/O-agnostic HTTP/1.1 protocol library written in Python....

Read More

• Alert
• Vulnerabilities

NVIDIA Releases Security Update For GPU Driver Vulnerabilities

By infosecbulletin / Saturday , April 26 2025

NVIDIA has released a software security update for its GPU Display Driver to fix multiple vulnerabilities affecting both the driver...

Read More

• Alert
• Cyber Attack
• Vulnerabilities

‘SessionShark’ ToolKit Bypasses Microsoft Office 365 MFA

By infosecbulletin / Saturday , April 26 2025

The SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn about real-time attacks using fake login...

Read More

• Alert
• Vulnerabilities

159 CVEs Exploited in Q1 2025 : 28.3% Within 24 Hours of Disclosure

By infosecbulletin / Friday , April 25 2025

In Q1 2025, VulnCheck identified evidence of 159 CVEs publicly disclosed for the first time as exploited in the wild....

Read More

• Alert
• Vulnerabilities

NVIDIA NeMo Framework Vuln Allow Attackers RCE

By infosecbulletin / Friday , April 25 2025

The NVIDIA NeMo Framework has three vulnerabilities that could enable attackers to execute remote code, risking AI system compromise and...

Read More

CVE-2023-22527 Detail:

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.