InfoSecBulletin Cybersecurity for mankind
Palo Alto Networks suffered a data breach that exposed customer data and support cases after attackers abused compromised OAuth tokens from the Salesloft Drift breach to access its Salesforce instance. The company states that it was one of hundreds of companies affected by a supply-chain attack disclosed last week, in …
Read More »TimeLine Layout
September, 2025
-
2 September
Entirely False: Google Confirms Gmail Data Breach Warning Is Fake
A viral story claims that Google has warned all 2.5 billion Gmail users about account risks due to a recent Salesforce breach, but this is false; no such warning exists. Google has now responded, that “unfortunately, several inaccurate claims surfaced this week incorrectly claiming we issued a broad warning to …
Read More » -
2 September
Hackers’ Reportedly Ultimatum Google To Fire Two Employees: Threaten Data Leak
Hackers on Telegram threatened to leak Google databases unless the company fires two employees. A hacking group urged the tech giant to fire Austin Larsen and Charles Carmakal and to suspend Google Threat Intelligence Group’s investigations. The group is claimed to be a network of hackers made up of members …
Read More » -
1 September
Hacker to Register Domains to Launch Cyberattack Coming FIFA World cup 2026
Domains aimed at capitalizing on the FIFA Club World Cup 2025 in the U.S. have been discovered, signaling preparations for the upcoming 2026 World Cup. PreCrime Labs from BforeAI, a cybersecurity firm focused on proactive threat prevention, reports that many domains for the FIFA World Cup 2026 have already been registered …
Read More » -
1 September
Next.js and HashiCorp Vuln Found: Patch Now!
A critical security flaw in the Next.js framework, marked as CVE-2025-29927, lets attackers bypass authorization, threatening web applications. This vulnerability stems from the mishandling of the x-middleware-subrequest header in Next.js middleware, which could allow unauthorized access to sensitive admin areas and protected resources. The vulnerability affects various versions of the …
Read More »
August, 2025
-
31 August
ChatGPT Leaks: 1,000 Public AI Conversations Analyzed: What research find
Sharing personal secrets with an AI chatbot can be risky. In early August, many were stunned to find that thousands of ChatGPT conversations were publicly accessible through search engines like Google. While OpenAI reacted promptly and removed the dangerous sharing functionality, the incident reveals the unsettling truth that people trust …
Read More » -
31 August
“SikkahBot” Malware targets “bKash” “Nagad” “MYGP” “DBBL” with banking users in Bangladesh
A new Android malware called SikkahBot is targeting students in Bangladesh by pretending to be official apps from the Bangladesh Education Board. Cyble Research and Intelligence Labs (CRIL) found that this malware has been active since July 2024. According to CRIL, the SikkahBot malware is distributed through shortened URLs, including …
Read More » -
30 August
F5 Executive Forum in Dhaka Explores App Delivery, Security, and AI Challenges
As organizations embrace digital transformation, the complexity of managing applications across Hybrid, Multicloud, and AI-driven environments continues to grow. Than ever, IT leaders must rethink how applications are deployed, protected, and optimized to meet rising user expectations and business demands. To address the issue and way forward, F5 arranged a …
Read More » -
30 August
PromptLock: The First AI-Driven Ransomware Appears
AI-driven malware has emerged sooner than anticipated, with the first identified ransomware using AI for local tasks now found. ESET reports that the AI-powered ransomware is currently just a proof-of-concept and still in progress, but it seems to have all the features of traditional ransomware. Dubbed PromptLock, the malware is …
Read More » -
30 August
CVE-2025-55177
WhatsApp patches zero day vuln exploited in the wild
Meta’s WhatsApp Security Team has fixed a zero-day vulnerability (CVE-2025-55177) in WhatsApp for iOS (before v2.25.21.73), WhatsApp Business for iOS (before v2.25.21.78), and WhatsApp for Mac (before v2.25.21.78). According to the advisory, “Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS …
Read More »