ALERT
NGINX Releases Security Updates: HTTP/3 Vulnerabilities Patched

NGINX team released important updates for their web server software and is advising users to upgrade as soon as possible. The updates fix four important vulnerabilities in the HTTP/3 implementation, especially affecting configurations using the “ngx_http_v3_module.”

CVE-2024-32760:
A vulnerability in NGINX Plus or NGINX OSS causes HTTP/3 QUIC module to be misconfigured, leading to potential termination of NGINX worker processes or other issues.

• Uncategorized

By 2025, India’s First Semiconductor Chip to be ready

By infosecbulletin / Friday , February 28 2025

At the Global Investors Summit 2025, Union Minister Ashwini Vaishnaw announced that India’s first indigenous semiconductor chip will be ready...

Read More

• Alert
• Vulnerabilities

CVE-2025-20111
Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches

By infosecbulletin / Thursday , February 27 2025

Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash...

Read More

• Alert

CVE-2025-0475 & CVE-2025-0555
GitLab’s High-Risk Flaw, Patch Now Urgently!

By infosecbulletin / Thursday , February 27 2025

GitLab has released a security advisory, urging all self-managed installations to upgrade to versions 17.9.1, 17.8.4, or 17.7.6 due to...

Read More

• Cyber Attack

Botnet Powered by 130,000 Devices Targets Microsoft 365 Accounts

By infosecbulletin / Thursday , February 27 2025

A China-linked botnet is targeting Microsoft 365 accounts with widespread password spraying attacks, according to a report by SecurityScorecard. A...

Read More

• Alert
• Cyber Attack
• Data Breach

HaveIBeenPwned Added 244 Million Passwords Stolen By Infostealers

By infosecbulletin / Wednesday , February 26 2025

A breach notification site has added millions of new passwords and email addresses obtained from infostealer malware. Troy Hunt, founder of...

Read More

• Alert
• Cyber Attack

Hackers Exploits RCE flaw in Cisco Small Business Router

By infosecbulletin / Wednesday , February 26 2025

Cybersecurity researchers have discovered a campaign exploiting a remote command execution vulnerability, CVE-2023-20118, in Cisco Small Business Routers. This vulnerability...

Read More

• Alert
• Vulnerabilities

CISA Alerts For Active Exploited Zimbra and Microsoft flaw

By infosecbulletin / Wednesday , February 26 2025

CISA has added two critical vulnerabilities to its Known Exploited Vulnerabilities catalog, urging organizations to quickly patch their systems to...

Read More

• Alert
• Cyber Attack

200 Fake GitHub Repos Attacking Developers to Deliver Malware

By infosecbulletin / Tuesday , February 25 2025

A new cyber campaign called GitVenom poses a serious risk to developers. Security researchers found over 200 fake GitHub repositories...

Read More

• Hot Topic

Renew Dubai visa within minutes with AI-powered Salama

By infosecbulletin / Tuesday , February 25 2025

Residents of Dubai can now easily renew their visas with the new AI-powered digital platform launched by the General Directorate...

Read More

• Alert
• Vulnerabilities

CVE-2024-20953
CISA Flags Oracle Agile PLM Actively Exploited Security Flaw

By infosecbulletin / Tuesday , February 25 2025

CVE-2024-20953 is a vulnerability in Oracle Agile PLM, a product lifecycle management tool. With a CVSS score of 8.8, it...

Read More

CVE-2024-31079:
Vulnerabilities in NGINX can cause termination of worker processes due to a specific type of HTTP/3 request. Exploiting this issue involves timing the requests during the connection draining process, making it difficult for attackers to manipulate.

CVE-2024-35200:
A vulnerability caused by certain HTTP/3 requests, leading to NGINX worker process termination.

CVE-2024-34161:
NGINX Plus and NGINX OSS can experience a memory leakage problem when using the HTTP/3 QUIC module on networks with a Maximum Transmission Unit (MTU) of 4096 or more without fragmentation, potentially causing previously freed memory to leak due to undisclosed QUIC packets.

EzoicNGINX Plus users got an update called Release 32 (R32) with security patches and bug fixes, based on nginx 1.25.5.

The Medium severity vulnerabilities in NGINX’s HTTP/3 capabilities can pose a significant risk to websites and applications.

To ensure the security and stability of web services, administrators and users should update their NGINX installations to the latest versions, nginx 1.27.0 and 1.26.1, promptly.