InfoSecBulletin Cybersecurity for mankind
The G20 ministers for the digital economy met in India and proposed a Framework for Systems of Digital Public Infrastructure (DPI).
The Framework comprises three elements:
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
- Interoperable and reusable digital systems and applications, such as software codes, protocols, and standards, have revolutionized technology by offering versatility and adaptability across various use cases and sectors.
- We need governance standards that not only uphold human rights and safeguard personal data, privacy, and intellectual property, but also provide accessible and transparent mechanisms for addressing grievances. Governance can also extend to cover institutions and funding;
- A collective of private sector and civil society entities working together in collaboration.
The Outcome Document and Chair’s Summary [PDF] from the ministerial meeting provide more details about the Framework. It describes the Framework as a set of principles for developing strong, inclusive, people-centered, and sustainable digital public infrastructure.
The Framework’s recommendation by the G20 during India’s presidency of the organization comes as no surprise. As we mentioned in our previous report, India has taken a significant diplomatic step by making the India Stack bundle of digital public goods a top priority.
Digital public goods, such as free open source software like Linux, are often referred to as such. This is one of the reasons why Red Hat’s decision to no longer share RHEL source code with the public has caused controversy.
The Framework is not binding, but it shows more interest in DPI, which has gained attention since the launch of India Stack. The US’s Open Security Controls Assessment Language (OSCAL) has received recognition for its capability to describe security baselines in an open format that enables the exchange of controls, despite being a less visible effort.
During the ministerial meeting, an important outcome was the creation of a comprehensive set of “High-Level Principles to Support Businesses in Building Safety, Security, Resilience, and Trust in the Digital Economy.” This significant document highlights effective strategies to enhance the capacity of the private sector in safeguarding supply chains, enhancing the resilience of vital services, and promoting mechanisms for redress in the event of cyber attacks on organizations.
A research was conducted to find ways to reduce the risks that young people face online. The result of this research is the “Toolkit on Cyber Education and Cyber Awareness of Children and Youth”. The Toolkit recommends five approaches for consideration by policymakers developing cyber education and cyber awareness initiatives for children and youth, namely:
- Classifying risks and responses based on sub age groups;
- Investing in response, referrals, and support systems;
- Adopting and investing in a multi-stakeholder approach throughout the decision-making process;
- Promoting global cooperation to further child online safety;
- Recognizing the critical role of businesses and online platforms.
Once again, it’s important to clarify that nothing on the list is legally obligatory. Fortunately, the international community is pooling resources in this particular field. India will use its G20 presidency to develop global standards for artificial intelligence to prevent harm to humanity.
It seems that the meeting this weekend has touched upon the topic of AI in various domains. Despite the upcoming G20 Summit in September, there is still ample time for the bloc to make pronouncements regarding AI.
