InfoSecBulletin Cybersecurity for mankind
CISA has issued an urgent warning about a critical zero-day vulnerability in Apple iOS and iPadOS, known as CVE-2025-24200, which is currently being exploited in targeted attacks. An authorization bypass flaw in Apple’s USB Restricted Mode allows attackers with physical access to turn off security protections on locked devices, risking …
Read More »TimeLine Layout
February, 2025
-
17 February
Massive IoT Data Breach Exposes 2.7 Billion Records
A major IoT data breach has exposed 2.7 billion records, including Wi-Fi network names, passwords, IP addresses, and device IDs. Cybersecurity researcher Jeremiah Fowler uncovered an unprotected database associated with Mars Hydro, a Chinese IoT grow light company, and LG-LED Solutions from California. He reported his findings to vpnMentor, which …
Read More » -
16 February
SonicWall Firewall Auth Bypass Vulnerability Exploited in Wild
A serious authentication bypass vulnerability in SonicWall firewalls, called CVE-2024-53704, is currently being exploited, according to cybersecurity firms. The increase in attacks is due to the public release of exploit code by Bishop Fox on February 10, 2025, which raises risks for organizations with unpatched devices. CVE-2024-53704, with a CVSS …
Read More » -
16 February
AMD Patches High-Severity SMM Vulns Affecting EPYC and Ryzen Processors
AMD has released security patches for two high-severity vulnerabilities in its System Management Mode (SMM). If exploited, these could let attackers execute arbitrary code and compromise system integrity. CVE-2024-0179 and CVE-2024-21925 are high-severity vulnerabilities with a CVSS score of 8.2. AMD reported that these flaws, identified by Quarkslab, impact several …
Read More » -
16 February
Lazarus Group Unleashes New Malware Against Developers Worldwide
Lazarus Group has initiated a complex global campaign aimed at software developers and cryptocurrency users. Operation Marstech Mayhem uses the group’s new implant, “Marstech1,” to access the software supply chain and steal sensitive data. The campaign signifies a major change in the group’s tactics, targeting hidden malware in open-source repositories …
Read More » -
15 February
Daily Security Update Dated : 15.02.2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: Zacks Investment Suffers Data Breach Impacting 12M …
Read More » -
15 February
Salt Typhoon to target Bangladeshi Universities, One identified
RedMike (Salt Typhoon) targeted university devices in Bangladesh, likely to access research in telecommunications, engineering, and technology, especially from institutions like UCLA and TU Delft. Recorded Futureʼs Insikt Group identified the campaign targeted universities in various countries like Argentina, Indonesia, Malaysia, Mexico, the Netherlands, Thailand, the United States, and Vietnam. …
Read More » -
15 February
Xploit_Cr3w and Blind_Virus, champion for BCS CTF contest
Xploit_Cr3w and Blind_Virus are the two champion teams categorically for BCS ICT Fest 2025 arranged jointly by BCS and BUET. After a hard competition among several teams they show their professionalism in the field respectively. The authority declared other teams name also who have demonstrated outstanding skills and determination at …
Read More » -
14 February
Salt Typhoon Exploits Vulnerable Cisco Devices of Telcoms Globally
Between December 2024 and January 2025, Recorded Future’s Insikt Group discovered a campaign targeting unpatched Cisco devices used by major telecommunications providers. Victims included a US affiliate of a major UK telecom and a South African telecom. Insikt Group links this activity to the Chinese state-sponsored group RedMike, also known …
Read More » -
14 February
CISA Releases Advisories For 20 Industrial Control Systems (ICS)
On February 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) issued 20 advisories about serious vulnerabilities in Industrial Control Systems (ICS) and medical devices. These disclosures aim to tackle increasing cyber threats to critical infrastructure and operational technology (OT). The advisories cover vulnerabilities in products from various manufacturers, including …
Read More »