InfoSecBulletin Cybersecurity for mankind
Microsoft has fixed critical vulnerabilities in its core cloud services, including Azure Automation, Azure Storage, Azure DevOps, and Microsoft Power Apps. While these flaws haven’t been publicly disclosed or exploited, they highlight the need for proactive security measures in cloud-native development. CVE-2025-29813 (CVSS 10.0): Azure DevOps Pipeline Token Hijack: A …
Read More »TimeLine Layout
May, 2025
-
8 May
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
The cyber threat landscape is rapidly changing, with a notable increase in ransomware activity in April 2025, driven by the Qilin ransomware group. They exploited the NETXLOADER malware loader and SmokeLoader, causing 45 confirmed data breaches in a matter of weeks, surpassing major rivals like Akira, Play, and Lynx. What …
Read More » -
8 May
SonicWall Patches 3 Flaws in SMA 100 Devices
SonicWall has released patches for three security flaws in SMA 100 Secure Mobile Access appliances that could allow remote code execution. The vulnerabilities are listed below: CVE-2025-32819 (CVSS score: 8.8) : A vulnerability in SMA100 lets an authenticated remote attacker with SSL-VPN user access bypass checks and delete any file, …
Read More » -
8 May
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a major target for threat actors, with 406 incidents publicly reported as ransomware attacks, accounting for seven percent of all ransomware incidents during that time. Why Finance? The financial sector consistently ranks as one of the …
Read More » -
8 May
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
Cisco has issued a security advisory for a critical vulnerability in its IOS XE Software for Wireless LAN Controllers (WLCs). This vulnerability, known as CVE-2025-20188, has a CVSS score of 10, indicating the highest security flaw. The advisory highlights a vulnerability in the Out-of-Band Access Point (AP) Image Download feature …
Read More » -
7 May
CVE-2025-29824
Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day
Attackers linked to the Play ransomware operation deployed a zero-day privilege escalation exploit during an attempted attack against an organization in the U.S. The attack occurred prior to the disclosure and patching of a Windows elevation of privilege zero-day vulnerability (CVE-2025-29824) in the Common Log File System Driver (clfs.sys) on …
Read More » -
7 May
Hacker exploited Samsung MagicINFO 9 Server RCE flaw
Hackers are exploiting an unauthenticated remote code execution vulnerability in the Samsung MagicINFO 9 Server to take control of devices and install malware. The server allows file uploads to update display content, but hackers are using this feature to upload malicious code. The flaw identified as CVE-2024-7399 was publicly disclosed …
Read More » -
6 May
CISA adds Langflow flaw to its KEV catalog
CISA added the Langflow vulnerability, CVE-2025-3248 (CVSS score 9.8), to its Known Exploited Vulnerabilities catalog. Langflow is a popular tool used for building agentic AI workflows. CVE-2025-3248 is a code injection vulnerability in the /api/v1/validate/code endpoint. An unauthenticated remote attacker can exploit it by sending specially crafted HTTP requests to …
Read More » -
6 May
Google Fixes Android Flaw (CVE-2025-27363) Exploited by Attackers
Google has released its monthly Android security updates, addressing 46 vulnerabilities, including one that has been actively exploited. CVE-2025-27363 (CVSS score: 8.1) is a high-severity vulnerability in the System component that allows local code execution without needing extra privileges. “The most severe of these issues is a high security vulnerability …
Read More » -
6 May
UAP hosted “UAP Cyber Siege 2025”, A national level cybersecurity competition
The Cyber Security Club, representing the Department of Computer Science and Engineering at the University of Asia Pacific (UAP), has achieved a remarkable feat by hosting its first national-level cybersecurity competition, named “UAP Cyber Siege 2025.” This event not only draws attention to the growing importance of cybersecurity but also …
Read More »
