Daily Cybersecurity update, November 03

*About 5,000 Okta employees had their data accessed during a third-party data breach on October 12. The breach involved stolen information, including names, Social Security numbers, and medical insurance details of both current and former employees.

*The AP News website was down because of a DDoS attack. Only some pages and story links didn’t load, but the delivery to customers and mobile apps worked fine.

• Alert
• Hot Topic

New Android Malware ‘Crocodilus’ Targets Banks in 8 Countries

By infosecbulletin / Tuesday , June 3 2025

In March 2025, the Threatfabric mobile Threat Intelligence team identified Crocodilus, a new Android banking Trojan designed for device takeover....

Read More

• Alert
• Vulnerabilities

Qualcomm Patches 3 Zero-Days Used in Targeted Android Attacks

By infosecbulletin / Tuesday , June 3 2025

Qualcomm has issued security patches for three zero-day vulnerabilities in the Adreno GPU driver, affecting many chipsets that are being...

Read More

• Alert
• Vulnerabilities

Critical RCE Flaw Patched in Roundcube Webmail

By infosecbulletin / Monday , June 2 2025

Roundcube Webmail has fixed a critical security flaw that could enable remote code execution after authentication. Disclosed by security researcher...

Read More

• Cyber Attack
• Data Breach

Hacker claim Leak of Deloitte Source Code & GitHub Credentials

By infosecbulletin / Sunday , June 1 2025

A hacker known as "303" claim to breach the company's systems and leaked sensitive internal data on a dark web...

Read More

• International

CISA Issued Guidance for SIEM and SOAR Implementation

By infosecbulletin / Sunday , June 1 2025

CISA and ACSC issued new guidance this week on how to procure, implement, and maintain SIEM and SOAR platforms. SIEM...

Read More

• Vulnerabilities

Linux flaws enable password hash theft via core dumps in Ubuntu, RHEL, Fedora

By infosecbulletin / Saturday , May 31 2025

The Qualys Threat Research Unit (TRU) found two local information-disclosure vulnerabilities in Apport and systemd-coredump. Both issues are race-condition vulnerabilities....

Read More

• International

Australia enacts mandatory ransomware payment reporting

By infosecbulletin / Saturday , May 31 2025

New ransomware payment reporting rules take effect in Australia yesterday (May 30) for all organisations with an annual turnover of...

Read More

• Hot Topic

Why Govt Demands Foreign CCTV Firms to Submit Source Code?

By infosecbulletin / Saturday , May 31 2025

Global makers of surveillance gear have clashed with Indian regulators in recent weeks over contentious new security rules that require...

Read More

• Alert
• Vulnerabilities

CVE-2023-39780
Botnet hacks thousands of ASUS routers

By infosecbulletin / Thursday , May 29 2025

GreyNoise has discovered a campaign where attackers have gained unauthorized access to thousands of internet-exposed ASUS routers. This seems to...

Read More

• Alert
• Bank

Bangladesh Bank instructed using AI to prevent online gambling

By infosecbulletin / Wednesday , May 28 2025

The rise of online gambling in the country is leading to increased crime and societal issues. In response, the central...

Read More

*MITRE has released version 14 of the ATT&CK framework. It includes improvements to detections and ICS and mobile matrices. The new version covers a total of 760 software, 143 activity groups, and 24 campaigns in enterprise, mobile, and ICS matrices.

*48 malicious packages were found in the npm repository. These packages can deploy a reverse shell on compromised systems. They used legitimate names to deceive users.