InfoSecBulletin Cybersecurity for mankind
Cisco issued a security advisory about a remote code execution (RCE) vulnerability (CVE-2025-32433) affecting multiple products in its portfolio due to issues in the Erlang/OTP SSH server. The flaw with a CVSSv3.1 score of 10.0 allows unauthenticated attackers to run arbitrary code on vulnerable systems by misusing SSH message handling …
Read More »TimeLine Layout
April, 2025
-
24 April
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
SonicWall has revealed a vulnerability in its SonicOS SSLVPN Virtual Office interface that could let remote attackers crash firewall appliances. Identified as CVE-2025-32818, this high-severity vulnerability has a CVSS score of 7.5, posing significant risks for enterprises using SonicWall Gen7 devices for secure network access. The official advisory states that …
Read More » -
24 April
GitLab Releases Security Update For Multiple Vulns
GitLab has announced a security advisory urging users to upgrade their self-managed installations right away. Versions 17.11.1, 17.10.5, and 17.9.7 are now available for both Community Edition (CE) and Enterprise Edition (EE) to fix important bugs and security issues. High-Severity XSS and Account Takeover Risks The advisory highlights several high-severity …
Read More » -
23 April
ISPAB president “whatsapp” got hacked via phishing link
Imdadul Haque, the president of Internet Service Provider of Bangladesh (ISPAB) said, I automatically got back my WhatsApp account. What happened: A media worker from Bangladesh shared a screen shot with infosecbulletin. “Can I urgently send 2000 taka to bKash now? I will give it tomorrow morning, InshaAllah.” The reporter …
Read More » -
23 April
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
Zyxel Networks has issued critical security patches for two high-severity vulnerabilities in its USG FLEX H series firewalls. These flaws could let attackers gain unauthorized access and escalate their privileges on the devices. On April 22, 2025, a security advisory was released outlining patches for CVE-2025-1731 and CVE-2025-1732, affecting various …
Read More » -
23 April
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
South Korea’s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers. The …
Read More » -
23 April
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are released, potentially changing vulnerability research. Keeley used GPT-4 to create an exploit for CVE-2025-32433, a serious Erlang/OTP SSH vulnerability rated 10.0 on the CVSS scale. This demonstrates the …
Read More » -
22 April
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces. Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials. TP-Link Router Vulnerabilities: CVE-2025-29648: TP-Link EAP120 …
Read More » -
22 April
SSL.com’s domain validation system’s bug found: Hacker exploited
SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL certificates for domains they do not own. David Zhao, a senior researcher at CitadelCore Cyber Security Team, reported a flaw that allows manipulation of the system to issue certificates for …
Read More » -
22 April
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo analysts on Monday. “This is routine capacity management, and there haven’t been any recent fundamental changes in our expansion plans,” said Kevin Miller, vice president of Amazon Web Services (AWS) …
Read More »