InfoSecBulletin Cybersecurity for mankind
SEC Consult researchers found a vulnerability in CrowdStrike’s Falcon Sensor, enabling attackers to evade detection and run malicious applications. The dubbed “Sleeping Beauty” vulnerability was reported to CrowdStrike in late 2023 but was dismissed as just a “detection gap.” The technique involved suspending the EDR processes instead of stopping them, …
Read More »TimeLine Layout
March, 2025
-
6 March
CVE-2025-22224
41,500+ VMware ESXi Instances Vulnerable to Attacks
As of March 4, 2025, Shadowserver found that over 41,500 internet-exposed VMware ESXi hypervisors are vulnerable to the actively exploited CVE-2025-22224. 41,500 unpatched ESXi instances represent a major part of global virtualization, especially in healthcare, finance, and telecommunications. Broadcom released an emergency update to fix a vulnerability that allows attackers …
Read More » -
5 March
Register Now
AI Engineering Hackathon: Registration Open
On April 19, 2025 (Saturday), Brain Station 23 and Poridhi are jointly going to organize “AI ENGINEERING HACKATHON”. The prize money for the winners of the hackathon will be a total of 3,50,000 taka! There will be free training sessions, attractive gifts and certificates for all participants in the competition. …
Read More » -
5 March
Cisco alerts about a Webex flaw that exposes credentials
Cisco has alerted customers about a vulnerability in Webex for BroadWorks that could allow unauthorized attackers to access credentials remotely. Webex for BroadWorks combines Cisco Webex’s video conferencing and collaboration tools with the BroadWorks unified communications platform. Cisco has not assigned a CVE ID for a security issue but announced …
Read More » -
5 March
NVIDIA Issues Warning of Multiple Vulnerabilities
NVIDIA has released urgent security advisories for multiple vulnerabilities in its Hopper HGX 8-GPU High-Performance Computing platforms. A critical flaw (CVE-2024-0114, CVSS 8.1) allows unauthorized code execution, privilege escalation, and data compromise. A medium-severity vulnerability (CVE-2024-0141, CVSS 6.8) in the GPU vBIOS layer The vulnerabilities could enable denial-of-service attacks through …
Read More » -
5 March
Update Now
Chrome 134 Released, Fixes 14 Vulnerabilities
Google has released Chrome 134 for the stable channel on Windows, macOS, and Linux, effectively addressing 14 security vulnerabilities. Among these are several high-severity flaws that could potentially allow remote code execution or lead to crashes. The update version 134.0.6998.35 for Linux, 134.0.6998.35/36 for Windows, and 134.0.6998.44/45 for macOS includes …
Read More » -
4 March
Broadcom Patches 3 VMware Zero-Days Exploited In Attacks
Broadcom issued a security alert on Tuesday, warning VMware customers about 3 exploited zero-day vulnerabilities. Vulnerabilities CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226 affect VMware ESXi, Workstation, and Fusion. Patches have been released for all affected products, but no workarounds are available. CVE-2025-22224 is a critical VMCI heap overflow vulnerability in VMware ESXi …
Read More » -
4 March
Singapore issues new guidelines for data center and cloud services
The Infocomm Media Development Authority (IMDA of Singapore unveils advisory guidelines to reduce occurrences of disruptions to cloud services and data centers. These guidelines will help cloud service providers and data centres to improve their security and ensure continuity by assessing risks and planning for incidents. GUIDELINES FOR CLOUD SERVICES …
Read More » -
4 March
Update Alert!
Google Warns of Critical Android Vulns Under Attack
Google’s March 2025 Android Security Bulletin has unveiled two critical vulnerabilities—CVE-2024-43093 and CVE-2024-50302—currently under limited, targeted exploitation. These flaws affect Android versions 12 to 15, posing increasing risks for billions of devices. The bulletin requires the immediate installation of the 2025-03-05 security patch to address remote code execution and privilege …
Read More » -
4 March
CISA adds Cisco and Windows vulns as actively exploited
CISA has advised US federal agencies to secure their systems against attacks targeting vulnerabilities in Cisco and Windows. Although these flaws are being actively exploited, CISA has not shared specific details about the attacks or the perpetrators. CVE-2023-20118 allows attackers to execute arbitrary commands on RV016, RV042, RV042G, RV082, RV320, …
Read More »
