InfoSecBulletin Cybersecurity for mankind
An unsecured database belonging to RateForce ended up exposing 93.93 GB of personal information of users. This is a reminder to secure your cloud buckets. We also have two more victims of the MOVEit ransomware attack. This time, it is the largest public pension fund in the U.S. and an insurance firm. In other news, there is an update on the Dole ransomware attack that took place in February this year. The corporation disclosed the number of impacted individuals. Read on to know more.
RateForce Data Leak
F5 to acquire CalypsoAI for $180M for Advanced AI Security Capabilities
AI Pentesting Tool ‘Villager’ Merges Kali Linux with DeepSeek AI for Automated Attacks
CVE-2025-21043
Samsung Patched Critical Zero-Day Flaw Exploited in Android Attacks
Albania appoints world’s first AI minister, “Diella” to Tackle Corruption
L7 DDoS Botnet Hijacked 5.76M Devices for Large Attacks
Palo Alto Networks User-ID Credential Agent Vuln Exposes password In Cleartext
CyberVolk Ransomware Attacks CII In Japan, France, and UK
Microsoft warns of active directory and office vulnarability
(CVE-2025-10159)
Sophos Addressed Critical Auth Bypass flaw in Wireless Access Points
1.6M fitness phone call recordings exposed online
An unsecured database belonging to the U.S. auto insurance price comparison site RateForce leaked 255,756 records (93.93 GB) containing scans and images of vehicle registrations, driver’s licenses, state Medicaid health coverage cards, and others.
MOVEit Ransomware Attacks
The MOVEit ransomware attack has claimed two more victims: the largest public pension fund in the U.S. and an insurance firm. The attack on the pension fund compromised the personal data of 2.5 million Genworth Financial policyholders, while the attack on the insurance firm compromised the personal information, including Social Security numbers, of 769,000 retired California state employees.
GitHub RepoJacking
Aqua Nautilus has warned that millions of GitHub repositories are potentially vulnerable to RepoJacking, a type of attack that steals sensitive data from repositories. Some vulnerable repositories belong to Google, Lyft, and other anonymous firms.
New JS Dropper Variant
Deep Instinct has spotted a new variant of JS dropper, named PindOS, that is deploying next-stage payloads such as IcedID and Bumblebee. These malware, in turn, serve as loaders for other malware, including ransomware.
Dole Ransomware Attack Update
Dole has confirmed that the February ransomware attack compromised the names, addresses, driver’s license numbers, passport numbers, dates of birth, phone numbers, and other employment information of 3,885 employees.
Chinese APT Groups Exploit Microsoft Office Vulnerability
SentinelOne has revealed that Chinese APT groups exploited a 17-year-old Microsoft Office vulnerability to launch malware attacks against foreign government officials who attended a G7 summit in Hiroshima, Japan.
NIST Creates First-Ever Cybersecurity Framework for Water Infrastructure
The National Institute of Standards and Technology (NIST) is creating the first-ever cybersecurity framework for water infrastructure to address unique cyber challenges impacting America’s complex water systems.
Microsoft Discovers Cryptomining Campaign
Microsoft has discovered a cryptomining campaign targeting IoT devices and internet-facing Linux systems. The attackers are using a backdoor that deploys a broad range of tools and an IRC bot to steal device resources for mining.
NSA Issues Guidance on Defending Against BlackLotus UEFI Bootkit Malware
The National Security Agency (NSA) has issued guidance on defending against BlackLotus UEFI bootkit malware attacks. The guidance recommends that system administrators apply the latest security updates, update recovery media, and customize UEFI Secure Boot to block older signed Windows boot loaders.
Unit 42 Researchers Observe Mirai Botnet Variant
Unit 42 researchers have observed a variant of the Mirai botnet that is targeting multiple vulnerabilities in popular IoT devices, with a focus on D-Link, Zyxel, and Netgear devices. The variant has been identified in two ongoing campaigns that started on March 14 and spiked in April and June.
