InfoSecBulletin Cybersecurity for mankind
The rising number of attacks targeting cryptocurrency businesses underscores the urgent requirement for enhanced security measures. Once, Mixin suffered a devastating loss of assets amounting to $200 million when it fell victim to a cyberattack targeting its cloud service provider.
National Student Clearinghouse recently experienced a troubling data breach that has affected numerous schools throughout the United States. Recently, the government of Bermuda fell victim to a cyberattack, which has been traced back to Russian threat actors.
Microsoft Patches Four Critical Azure and Power Apps Vulns
By infosecbulletin
/ Friday , May 9 2025
Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power...
Read More
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
By infosecbulletin
/ Thursday , May 8 2025
The cyber threat landscape is rapidly changing, with a notable increase in ransomware activity in April 2025, driven by the...
Read More
SonicWall Patches 3 Flaws in SMA 100 Devices
By infosecbulletin
/ Thursday , May 8 2025
SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code...
Read More
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
By infosecbulletin
/ Thursday , May 8 2025
From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors,...
Read More
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
By infosecbulletin
/ Thursday , May 8 2025
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs)....
Read More
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
By infosecbulletin
/ Wednesday , May 7 2025
Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization...
Read More
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
By infosecbulletin
/ Wednesday , May 7 2025
Hackers are exploiting an unauthenticated remote code execution vulnerability in the Samsung MagicINFO 9 Server to take control of devices...
Read More
CISA adds Langflow flaw to its KEV catalog
By infosecbulletin
/ Tuesday , May 6 2025
CISA added the Langflow vulnerability, CVE-2025-3248 (CVSS score 9.8), to its Known Exploited Vulnerabilities catalog. Langflow is a popular tool...
Read More
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
By infosecbulletin
/ Tuesday , May 6 2025
Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS...
Read More
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
By infosecbulletin
/ Tuesday , May 6 2025
The Cyber Security Club, representing the Department of Computer Science and Engineering at the University of Asia Pacific (UAP), has...
Read More
Here’s everything you need to know:
- Mixin, a cryptocurrency business based in Hong Kong, recently fell victim to a massive $200 million asset theft. This significant loss occurred when malicious threat actors targeted their cloud service provider, causing the temporary suspension of deposit and withdrawal services.
- A new TA866 campaign has been unveiled by researchers. This campaign strategically utilizes a fresh strain of Python malware in order to specifically target users who speak the Tatar language. This malware possesses the ability to capture screenshots and then effortlessly transmit them to a remote server through FTP.
- ESET has recently detected a novel backdoor malware, known as Deadglyph, that has been deployed in a sophisticated cyberespionage campaign against a government agency located in the Middle East. The malware has been linked to a UAE state-sponsored group named Stealth Falcon.
- A new attack campaign has been uncovered by Securonix Threat Research, targeting Ukraine’s military. This sophisticated operation, carried out by the notorious threat group UAC-0154, involves the use of malware-laced lure files disguised as UAV service manuals.
- Palo Alto Network’s Unit 42 published a new report on the Gelsemium APT group. They revealed that this group conducted a cyberespionage campaign against a Southeast Asian government. The campaign lasted for a impressive six-month period from 2022 to 2023.
