InfoSecBulletin Cybersecurity for mankind
The International Monetary Fund (IMF) recently experienced a cyber incident, which was detected on February 16, 2024.
After further investigation with help from cybersecurity experts, the breach was identified, and steps were taken to fix it.
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
The investigation found that 11 IMF email accounts were hacked. The affected accounts have been made secure again. So far, there is no evidence of any other accounts being compromised. The investigation into this incident is still ongoing.
The IMF takes prevention of, and defense against, cyber incidents very seriously and, like all organizations, operates under the assumption that cyber incidents will unfortunately occur. The IMF has a robust cybersecurity program in place to respond quickly and effectively to such incidents.
In response to questions about who was behind the attack and what information was accessed, a spokesperson told media: “For security reasons, we cannot disclose further details. We cannot confirm attribution.”
The IMF is a global lender that provides extensive financial support to governments worldwide. The organization faced a similar cybersecurity incident in 2011.
