Tuesday, June 24, 2025

TimeLine Layout

June, 2025

  • 14 June

    Paraguay 7.4 Million Citizen Records Leaked on Dark Web

    Resecurity found 7.4 million records of Paraguayan citizens’ personal information leaked on the dark web today. Last week, cybercriminals attempted to sell this data for $7.4 million, or $1 per citizen. A ransomware group is extorting the country, marking a major cybersecurity event, with a deadline set for Friday, June …

  • 13 June

    High-Severity Flaw in HashiCorp Nomad Allows Privilege Escalation

    HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the Access Control List (ACL) policy lookup. Identified as CVE-2025-4922, this vulnerability has a CVSS score of 8.1, indicating significant risk for organizations using affected Nomad versions. “Nomad prefix-based ACL policy …

  • 13 June

    SoftBank: Personal Info of Over 137,000 Leaked

    SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked by a contracted outsourcing firm. In response, the company intends to end its contract with the provider and will collaborate with the police to assess future actions. SoftBank announced that …

  • 13 June

    Alert
    Trend Micro Apex One Flaws Allow Attackers to Inject Malicious Code

    Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within the system. The company issued emergency patches on June 9, 2025, for five vulnerabilities (CVE-2025-49154 to CVE-2025-49158) rated medium to high on the CVSS 3.0 scale. CVE-2025-49154: Insecure Access Control …

  • 12 June

    Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Action

    Aim Labs discovered a zero-click AI vulnerability named “EchoLeak” in Microsoft 365 Copilot and reported several ways to exploit it to Microsoft’s MSRC team. A new attack technique called “LLM Scope Violation” has been identified, which could also affect other RAG-based chatbots and AI agents. This finding marks a significant …

  • 11 June

    Adobe Releases Patch Fixing 254 Vulnerabilities With High-Severity Security Gaps

    On Tuesday, Adobe released security updates for 254 vulnerabilities in its software, mainly affecting Experience Manager (AEM). Of these, 225 are in AEM, affecting AEM Cloud Service and earlier versions up to 6.5.22. These have been addressed in AEM Cloud Service Release 2025.5 and version 6.5.23. …

  • 11 June

    Alert
    40,000+ live internet cameras exposed globally!

    A new report from Bitsight reveals that over 40,000 internet-connected security cameras around the world are exposed, broadcasting live footage without user consent or basic security. “Most times, all that an attacker needs to spy on homes or even large organizations is just a web browser and the right IP …

  • 11 June

    Microsoft Patch Tuesday fixes an exploited zero-day and 65 vulnerabilities

    Microsoft’s June Patch Tuesday update has arrived, addressing 66 vulnerabilities across its product line. One of these flaws was actively being exploited, making this update crucial for both businesses and individual users. One Zero-Day Actively Exploited: The important fix addresses CVE-2025-33053, a vulnerability in Windows WebDAV that could let attackers …

  • 10 June

    84,000+ Roundcube instances vulnerable to actively exploited flaw

    More than 84,000 Roundcube webmail installations are at risk due to CVE-2025-49113, a severe remote code execution (RCE) vulnerability that comes with an available public exploit. The flaw in Roundcube (versions 1.1.0 to 1.6.10) was discovered by Kirill Firsov and was patched on June 1, 2025. The bug stems from …

  • 9 June

    CVE-2025-24016
    Critical Wazuh RCE Actively Exploited by Mirai Botnets

    The Security Intelligence and Response Team (SIRT) at Akamai has found that multiple Mirai-based botnets are exploiting CVE-2025-24016, a critical RCE vulnerability in Wazuh servers. This flaw, which has a CVSS score of 9.9, allows remote attackers to execute arbitrary Python code through unsanitized JSON inputs in the Wazuh Distributed …
