InfoSecBulletin Cybersecurity for mankind
Five notable happenings today in the cyber world:
The NCSC-Switzerland said that the Play ransomware attack at Xplain impacted 65,000 important documents of the Federal Administration. The documents were from various administrative units, including the Federal Department of Justice and Police, the Federal Office of Justice, and the Federal Office of Police.
UK Software Firm Exposed 8 million of Healthcare Worker Records
By infosecbulletin
/ Saturday , April 19 2025
A data leak involving 8 million UK healthcare worker records, including IDs and financial information, was caused by a misconfigured...
Read More
GitHub Enterprise Server Vulns Expose Risk of Code Execution
By infosecbulletin
/ Saturday , April 19 2025
GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow...
Read More
CVE-2025-2492
ASUS warns of critical auth bypass flaw in routers
By infosecbulletin
/ Friday , April 18 2025
Hackers can exploit a vulnerability in Asus routers to execute unauthorized functions. This serious issue, rated 9.2 out of 10,...
Read More
16,000+ Fortinet devices compromised with symlink backdoor, Mostly in Asia
By infosecbulletin
/ Friday , April 18 2025
According to Shadowserver Foundation around 17,000 Fortinet devices worldwide have been compromised using a new technique called "symlink". This number...
Read More
Patch now! Critical Erlang/OTP SSH Vuln Allows UCE
By infosecbulletin
/ Friday , April 18 2025
A critical security flaw has been found in the Erlang/Open Telecom Platform (OTP) SSH implementation, allowing an attacker to run...
Read More
CISA warns of increasing risk tied to Oracle legacy Cloud leak
By infosecbulletin
/ Thursday , April 17 2025
On Wednesday, CISA alerted about increased breach risks due to the earlier compromise of legacy Oracle Cloud servers, emphasizing the...
Read More
CVE-2025-20236
Cisco Patches Unauthenticated RCE Flaw in Webex App
By infosecbulletin
/ Thursday , April 17 2025
Cisco issued a security advisory about a serious vulnerability in its Webex App that allows unauthenticated remote code execution (RCE)...
Read More
Apple released emergency security updates for 2 zero-day vulns
By infosecbulletin
/ Thursday , April 17 2025
On Wednesday, Apple released urgent operating system updates to address two security vulnerabilities that had already been exploited in highly...
Read More
Oracle Released Patched for 378 flaws for April 2025
By infosecbulletin
/ Wednesday , April 16 2025
On April 15, 2025, Oracle released a Critical Patch Update for 378 flaws for its products. The patch update covers...
Read More
CVE-2025-24054
Hackers Exploiting NTLM Spoofing Windows Vuln the in Wild
By infosecbulletin
/ Wednesday , April 16 2025
Check Point Research warns of the active exploitation of a new vulnerability, CVE-2025-24054, which lets hackers leak NTLMv2-SSP hashes using...
Read More
The NSA and CISA issued five cybersecurity bulletins about securing data in the cloud. The recommendations cover implementing IAM solutions, encryption, and key management.
A report by FS-ISAC and Akamai showed that DDoS attacks on the financial sector increased by 154% in 2023 compared to 2022, mainly due to strong botnets and cyber hacktivist groups.
Tycoon and Storm-1575 threat actors carried out spear-phishing attacks on U.S. school districts in November 2023. They used Microsoft 365 credentials to bypass MFA protections.
The Rhysida ransomware group sold data stolen from Lurie Children’s Hospital for 60 bitcoins (approximately $3.4 million) on the dark web. The hospital is working on restoring the affected systems.
