InfoSecBulletin Cybersecurity for mankind
South Korea’s largest mobile operator, SK Telecom, is warning that a malware infection allowed threat actors to access sensitive USIM-related information for customers. SK Telecom is the largest mobile network operator in South Korea, holding approximately 48.4% of the mobile phone service market in the country, corresponding to 34 million subscribers. The …
Read More »TimeLine Layout
April, 2025
-
23 April
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
Security researcher Matt Keeley showed that artificial intelligence can now develop working exploits for critical vulnerabilities before public proof-of-concept (PoC) exploits are released, potentially changing vulnerability research. Keeley used GPT-4 to create an exploit for CVE-2025-32433, a serious Erlang/OTP SSH vulnerability rated 10.0 on the CVSS scale. This demonstrates the …
Read More » -
22 April
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
Several vulnerabilities have been found in TP-Link routers, exposing users to serious security risks from SQL injection flaws in their web management interfaces. Security researcher “The Veteran” found vulnerabilities that let remote attackers bypass authentication and gain unauthorized control of devices without valid credentials. TP-Link Router Vulnerabilities: CVE-2025-29648: TP-Link EAP120 …
Read More » -
22 April
SSL.com’s domain validation system’s bug found: Hacker exploited
SSL.com has revealed a major security flaw in its domain validation system, which could enable attackers to acquire fake SSL certificates for domains they do not own. David Zhao, a senior researcher at CitadelCore Cyber Security Team, reported a flaw that allows manipulation of the system to issue certificates for …
Read More » -
22 April
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Amazon has paused some data center lease negotiations for its cloud division, particularly in international markets, according to Wells Fargo analysts on Monday. “This is routine capacity management, and there haven’t been any recent fundamental changes in our expansion plans,” said Kevin Miller, vice president of Amazon Web Services (AWS) …
Read More » -
21 April
Hackers Exploit Zoom’s Remote Control Feature for System Access
ELUSIVE COMET is a threat actor conducting a sophisticated attack campaign that uses Zoom’s remote control feature to access victims’ computers without permission. The ELUSIVE COMET operation begins with attackers masquerading as legitimate media organizations, specifically “Bloomberg Crypto,” to invite high-profile targets for interviews. Invitations are sent through social media, …
Read More » -
21 April
Registration open for ‘𝐔𝐀𝐏 𝐂𝐘𝐁𝐄𝐑 𝐒𝐈𝐄𝐆𝐄 𝟐𝟎𝟐𝟓’
𝐓𝐡𝐞 𝐂𝐲𝐛𝐞𝐫 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐥𝐮𝐛 of University of Asia Pacific (UAP) is going to arrange ‘𝐔𝐀𝐏 𝐂𝐘𝐁𝐄𝐑 𝐒𝐈𝐄𝐆𝐄 𝟐𝟎𝟐𝟓’ 𝐂𝐚𝐩𝐭𝐮𝐫𝐞 𝐓𝐡𝐞 𝐅𝐥𝐚𝐠 (𝐂𝐓𝐅) Competition on 3rd may 2025. Registration has been open for the contest, anyone who are qualified as per the contest rule can register through this link. Actually, it …
Read More » -
20 April
Samsung phone is saving your passwords in plain text
You copy a password from your manager, thinking it’s safe. Meanwhile, your phone is saving it in plain text. Samsung says, so far, there is no solution. Imagine you just copied a password or banking logins from a password manager. Then you think, “Wait, does this go away after I …
Read More » -
19 April
UK Software Firm Exposed 8 million of Healthcare Worker Records
A data leak involving 8 million UK healthcare worker records, including IDs and financial information, was caused by a misconfigured database from the UK software firm Logezy, which specializes in employee data management. Cybersecurity researcher Jeremiah Fowler from vpnMentor discovered this issue. Fowler’s investigation found nearly 8 million unprotected records, …
Read More » -
19 April
GitHub Enterprise Server Vulns Expose Risk of Code Execution
GitHub has released security updates for GitHub Enterprise Server to fix several vulnerabilities, including a high-severity flaw that could allow code execution by attackers. Organizations are urged to apply these patches quickly to ensure system protection. High-Risk Code Execution Vulnerability: A vulnerability (CVE-2025-3509) in the pre-receive hook feature of GitHub …
Read More »
