InfoSecBulletin Cybersecurity for mankind
The NSA and CISA have released five bulletins on securing a cloud environment. Cloud services are very popular for businesses because they offer managed servers, storage, and applications without the need to manage their own infrastructure.
Many enterprise application developers now offer both on-premise and cloud-hosted versions of their services. This helps corporate admins by relieving them of some responsibilities.
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
CISA and the National Security Agency (NSA) released five joint Cybersecurity Information Sheets (CSIs) to provide organizations with recommended best practices and/or mitigations to improve the security of their cloud environment(s).
Use Secure Cloud Identity and Access Management Practices
Use Secure Cloud Key Management Practices
Implement Network Segmentation and Encryption in Cloud Environments
Secure Data in the Cloud
Mitigate Risks from Managed Service Providers in Cloud Environments
Review CISA and NSA recommendations and apply their suggestions to enhance cloud security. For more details on cloud security best practices, visit CISA’s SCuBA Project and TIC pages.
