InfoSecBulletin Cybersecurity for mankind
FirePass, a fire prevention and suppression system is officially started its operation in Bangladesh. Smart Data brings the world class technology for Bangladesh. What is FirePass? FirePass, a fire prevention and suppression system. FirePASS® Corporation was established in 2001 in New York U.S.A. after the Phenomenon of ignition suppression in …
Read More »TimeLine Layout
January, 2025
-
29 January
PoC Exploit Released for TP-Link Router XSS Vuln
A newly found XSS vulnerability, CVE-2024-57514, in the TP-Link Archer A20 v3 Router has raised security concerns for users. CVE-2024-57514 is a flaw in firmware version 1.0.6 Build 20231011 rel.85717(5553) that lets attackers run arbitrary JavaScript code via the router’s web interface, posing a risk of exploitation. Discovery of the Vulnerability: …
Read More » -
29 January
CVE-2024-40891
Zyxel CPE Zero-Day Exploited in the Wild
Security researchers have alerted about ongoing exploitation attempts of a newly found zero-day command injection vulnerability in Zyxel CPE Series devices, known as CVE-2024-40891. The critical, unpatched vulnerability has left more than 1,500 devices worldwide at risk, according to Censys. About the Vulnerability – CVE-2024-40891: CVE-2024-40891 is a vulnerability that lets …
Read More » -
28 January
Apple fixed year’s first actively exploited zero-day flaw
Apple has issued security updates to address a zero-day flaw affecting iPhone users that is currently being exploited in attacks. A zero-day vulnerability, CVE-2025-24085, has been fixed today. It affects Apple’s Core Media framework and allows privilege escalation on iOS, iPadOS, macOS, tvOS, watchOS, and visionOS. “A malicious application may …
Read More » -
28 January
DeepSeek Hit by massive Cyber Attack, Limits Registrations
DeepSeek, a Chinese AI startup that recently surpassed OpenAI’s ChatGPT as the top free app on Apple’s App Store in the U.S., is experiencing a major cyber attack and has limit new user registrations. Founded in 2023, DeepSeek has rapidly become a strong contender in the AI industry, specializing in …
Read More » -
28 January
GitHub Desktop Vuln Credential Leaks via Malicious Remote URLs
Multiple security vulnerabilities have been found in GitHub Desktop and other Git projects. If exploited, these could allow attackers to access a user’s Git credentials without permission. “Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper,” GMO Flatt Security researcher Ry0taK, who discovered the …
Read More » -
27 January
Burp Suite 2025.1 released: Featuring Intruder Capabilities & Bug Fixes
PortSwigger has launched Burp Suite 2025.1, adding new features and improvements to enhance usability and efficiency for penetration testers. This update features major improvements to the Burp Intruder module, HTTP response analysis, and interaction management, as well as a browser upgrade and bug fixes. Auto-Pause Intruder Attacks: A key feature …
Read More » -
27 January
UnitedHealth confirms 190 million impacted by 2024 data breach
UnitedHealth confirmed that the ransomware attack on its Change Healthcare unit last February impacted about 190 million Americans, nearly double earlier estimates. The U.S. health insurance company confirmed the latest figures to TechCrunch on Friday after the markets closed. “Change Healthcare has determined the estimated total number of individuals impacted …
Read More » -
27 January
Registration Open For BCS CTF 2025
So, to test your cyber security skill, here is another chance to do that. Bangladesh computer society (BCS) is going to organize BCS ICT Fest- 2025 incusing CTF. The fest includes CTF contest, Project showcasing, Poster presentation, Technical Session and awere ceremony. Event Overview: The BCS ICT Fest 2025 is …
Read More » -
26 January
New Ransomware Tactics Target VMware ESXi Via SSH Tunneling
Sygnia’s recent report highlights the changing strategies of ransomware groups targeting VMware ESXi appliances. These attackers exploit vital virtual infrastructure to disrupt operations and remain hidden in compromised networks. ESXi appliances have become prime targets due to their role in hosting vital virtual machines. “Damaging them renders virtual machines inaccessible, …
Read More »