InfoSecBulletin Cybersecurity for mankind
MediaTek has released its March 2025 Product Security Bulletin, which highlights new security vulnerabilities affecting various chipsets in smartphones, tablets, AIoT devices, smart displays, OTT hardware, computer vision platforms, audio systems, and smart TVs. The bulletin reports 10 vulnerabilities, three of which are high severity. The high-severity ones could enable …
Read More »TimeLine Layout
March, 2025
-
3 March
Qualcomm’s March 2025 Security Bulletin Highlights Major Vulns
Qualcomm’s March 2025 Security Bulletin addresses vulnerabilities in its products, including automotive systems, mobile chipsets, and networking devices. It includes fixes for critical issues like memory corruption and input validation flaws. Critical vulnerabilities have been identified in automotive systems, particularly affecting the QNX operating system (CVE-2024-53012, CVE-2024-53022, CVE-2024-53029, CVE-2024-53030, CVE-2024-53031, …
Read More » -
3 March
Cyberattack detected at Polish space agency, minister says
On Sunday, Poland Minister for Digitalisation Krzysztof Gawkowski said that Polish cybersecurity services found unauthorized access to the IT infrastructure of the Polish Space Agency (POLSA). “In connection with the incident, the systems under attack were secured … Intensive operational activities are also underway to identify who is behind the …
Read More » -
3 March
Nearly 12,000 API Keys and Passwords Found in Public Datasets
Security researchers found that datasets used by companies to develop large language models included API keys, passwords, and other sensitive credentials. Large language models are dominating the online landscape, with companies promoting AI solutions that claim to solve all problems. For an AI to be effective, it needs extensive training …
Read More » -
2 March
Android Phone’s Unlocked Using Cellebrite’s Zero-day Exploit
Amnesty International’s Security Lab discovered a cyber-espionage campaign in Serbia, where officials used a zero-day exploit from Cellebrite to unlock a student activist’s Android phone. On December 25, 2024, an attack used flaws in Linux kernel USB drivers to bypass the lock screen on a Samsung Galaxy A32. Forensic analysis …
Read More » -
1 March
DragonForce Ransomware Targets Saudi Company, 6TB Data Stolen
DragonForce ransomware targets organizations in Saudi Arabia. An attack on a major Riyadh real estate and construction firm led to the theft of more than 6TB of sensitive data. Resecurity’s new advisory reports that threat actors announced a breach on February 14, 2025, demanding ransom before releasing stolen information. The …
Read More » -
1 March
Microsoft Uncovers Hackers Selling Illegal Azure AI Access
Microsoft has filed an amended complaint in recent civil litigation, naming the main developers of malicious tools that bypass the safeguards of generative AI services, including its Azure OpenAI Service. The legal action aims to stop their actions, dismantle their illegal operation, and deter others from misusing AI technology. The …
Read More »
February, 2025
-
28 February
By 2025, India’s First Semiconductor Chip to be ready
At the Global Investors Summit 2025, Union Minister Ashwini Vaishnaw announced that India’s first indigenous semiconductor chip will be ready for production by 2025, showcasing the significant growth of Madhya Pradesh’s electronics manufacturing sector. Minister Vaishnaw congratulated the HLBS family on their new plant’s inauguration, which coincided with Mahashivratri. He …
Read More » -
27 February
CVE-2025-20111
Cisco Warns Vulns in Nexus 3000 and 9000 Series Switches
Cisco has warned of a critical vulnerability, CVE-2025-20111, in several Nexus switch models. This flaw could let attackers remotely crash the devices, leading to a denial of service (DoS). Cisco reports that a vulnerability exists due to improper handling of certain Ethernet frames. An attacker can exploit this by repeatedly …
Read More » -
27 February
CVE-2025-0475 & CVE-2025-0555
GitLab’s High-Risk Flaw, Patch Now Urgently!
GitLab has released a security advisory, urging all self-managed installations to upgrade to versions 17.9.1, 17.8.4, or 17.7.6 due to critical vulnerabilities, including serious Cross-Site Scripting (XSS) issues that may compromise user data. The Kubernetes proxy vulnerability (CVE-2025-0475) has a CVSS score of 8.7, signifying a high risk. It affects …
Read More »
