Daily Cybersecurity update, November 03

*About 5,000 Okta employees had their data accessed during a third-party data breach on October 12. The breach involved stolen information, including names, Social Security numbers, and medical insurance details of both current and former employees.

*The AP News website was down because of a DDoS attack. Only some pages and story links didn’t load, but the delivery to customers and mobile apps worked fine.

• Hot Topic

AMD discloses 4 new CPU flaws Affecting Many CPUs

By infosecbulletin / Friday , July 11 2025

AMD has revealed four new vulnerabilities that could enable attackers to access sensitive data via timing-based side-channel attacks. These vulnerabilities,...

Read More

• Alert
• Vulnerabilities

GitLab patched XSS and Authorization Bypass Flaws

By infosecbulletin / Thursday , July 10 2025

GitLab has released security updates for its Community Edition (CE) and Enterprise Edition (EE) to fix vulnerabilities that could enable...

Read More

• Alert

CVE-2025-7206
Critical D-Link DIR-825 Router Flaw Remote Crash Via Buffer Overflow

By infosecbulletin / Thursday , July 10 2025

A newly found vulnerability (CVE-2025-7206) in the D-Link DIR-825 router firmware version 2.10 poses a significant risk to home and...

Read More

• Alert
• Vulnerabilities

Urgently patch now: Zoom Patches 6 Flaws

By infosecbulletin / Thursday , July 10 2025

Zoom released a security update addressing six newly discovered vulnerabilities in its Workplace, Rooms, and SDK products for Windows, macOS,...

Read More

• Hot Topic

Whatsapp rival ‘Bitchat’, message without internet

By infosecbulletin / Wednesday , July 9 2025

Jack Dorsey, co-founder of Twitter and Block Head, launched a new peer-to-peer messaging app called Bitchat, which operates solely over...

Read More

• Alert
• Vulnerabilities

Splunk Addresses Third-Party Package Vulns in SOAR Versions

By infosecbulletin / Wednesday , July 9 2025

Splunk has issued critical security updates for SOAR versions 6.4.0 and 6.4 to fix several vulnerabilities in third-party packages. The...

Read More

• Cyber Attack
• Data Breach
• International

Texas-based Tax Credit Consultancy agency exposed PII, ID Numbers, & SSNs

By infosecbulletin / Wednesday , July 9 2025

Cybersecurity researcher Jeremiah Fowler found an unsecured database with 245,949 records, reported to vpnMentor. It likely belonged to a tax...

Read More

• Alert
• International
• Vulnerabilities

CVE-2025-25257
Fortinet Addresses Major SQL Injection Flaw in FortiWeb

By infosecbulletin / Wednesday , July 9 2025

Fortinet has issued a critical patch for a critical vulnerability in its FortiWeb product, a web application firewall commonly used...

Read More

• Alert
• International
• Vulnerabilities

Microsoft July 2025 Patch Tuesday: One zero-day, 137 flaws

By infosecbulletin / Wednesday , July 9 2025

Microsoft's Patch Tuesday in July 2025 is critical, featuring updates for 137 vulnerabilities, including a zero-day in Microsoft SQL Server....

Read More

• Alert
• Bank
• Hot Topic
• International

Android malware Anatsa infiltrates Google Play targeting banks worldwide

By infosecbulletin / Tuesday , July 8 2025

ThreatFabric researchers have discovered a new sophisticated campaign by the Anatsa banking trojan targeting mobile banking users in the U.S....

Read More

*MITRE has released version 14 of the ATT&CK framework. It includes improvements to detections and ICS and mobile matrices. The new version covers a total of 760 software, 143 activity groups, and 24 campaigns in enterprise, mobile, and ICS matrices.

*48 malicious packages were found in the npm repository. These packages can deploy a reverse shell on compromised systems. They used legitimate names to deceive users.