InfoSecBulletin Cybersecurity for mankind
CISA added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, noting they are actively being exploited. The list of vulnerabilities is as follows: CVE-2024-45195 (CVSS score: 7.5/9.8) – (A vulnerability in Apache OFBiz that lets a remote attacker gain unauthorized access and run code on the server, fixed …
Read More »TimeLine Layout
February, 2025
-
5 February
AMD Patches CPU Vulnerability
AMD announced patches on Monday for a microprocessor vulnerability that risks the loss of Secure Encrypted Virtualization (SEV) protection, potentially allowing attackers to load harmful microcode. CVE-2024-56161, with a CVSS score of 7.2, is a bug involving improper signature verification in the AMD CPU microcode patch loader’s read-only memory. The …
Read More » -
5 February
Hackers To Use HTTP Client Tools To Compromise Microsoft 365 Accounts
Hackers are using HTTP client tools for advanced account takeover attacks on Microsoft 365. Seventy-eight percent of Microsoft 365 tenants have been targeted by attacks, showing the changing tactics of threat actors. HTTP client tools are software that allows users to send HTTP requests and receive responses from web servers. …
Read More » -
5 February
Google patches 47 Android flaws, Including Actively Exploited CVE-2024-53104
Google has released patches for 47 security flaws in Android, including one that is actively being exploited. CVE-2024-53104 (CVSS score: 7.8) is a vulnerability that allows privilege escalation in the USB Video Class (UVC) driver kernel component. Successful exploitation of the flaw could lead to physical escalation of privilege, Google said, …
Read More » -
4 February
CVE-2025-21415
Microsoft Patches Critical Azure AI Face Service Vulnerability
Microsoft has released patches for two critical security flaws in Azure AI Face Service and Microsoft Account that could allow an attacker to escalate their privileges. The flaws are listed below: CVE-2025-21396 (CVSS score: 7.5) – Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) – Azure AI Face …
Read More » -
4 February
Daily Security Update Dated:4.02.2025
Every day a lot of cyberattack happen around the world including ransomware, Malware attack, data breaches, website defacement and so on. Its our daily security digest to cover the latest happenings in the world. Spend a bit time to read out todays update: DoJ Seizes 39 Domains From Pakistani Hackers …
Read More » -
4 February
768 Exploited CVEs in 2024, a 20% Increase from 639 in 2023
In 2024, 768 vulnerabilities with CVE identifiers were reported as exploited in the wild, a 20% increase from 639 in 2023. VulnCheck called 2024 “a strong year for threat actors exploiting vulnerabilities,” noting that 23.6% of known exploited vulnerabilities (KEVs) were weaponized by or on the day their CVEs were …
Read More » -
3 February
.Gov Domains Weaponized in Phishing Surge
A recent report from Cofense Intelligence highlights a concerning trend: threat actors are increasingly misusing .gov top-level domains (TLDs) to execute phishing campaigns. Between November 2022 and November 2024, attackers have leveraged vulnerabilities in government websites from various countries to host malicious content, act as command-and-control (C2) servers, and funnel …
Read More » -
2 February
RedSentry presents
Hacked 101 Seminar Successfully Ended at UITS
The cybersecurity seminar “RedSentry presents: Hacked 101,” organized by RedSentry with the University of Information Technology and Sciences (UITS) as the venue partner, concluded successfully, leaving a significant impact on students and aspiring cybersecurity professionals. The event attracted a large audience eager to learn about the dynamic and ever-evolving world …
Read More » -
2 February
US scientists claim to replicate DeepSeek for $30 dubbed “TinyZero,”
Researchers at the University of California, Berkeley, claims they’ve managed to reproduce the core technology behind DeepSeek’s at a total cost of roughly $30. The news raises questions about whether developing advanced AI requires huge budgets or if cheaper alternatives have been ignored by major tech companies. DeepSeek recently launched …
Read More »