CISA Adds Three Known Exploited Vulnerabilities to Catalog CISA Adds Three Known Exploited Vulnerabilities to Catalog On April 28, 2025, the Cybersecurity and Infrastructure Security Agency (CISA) added three new known exploited vulnerabilities to its catalog. The inclusion of these…
Cybersecurity Analysis: ALBEDO Telecom Net.Time – PTP/NTP Clock Cybersecurity Analysis: ALBEDO Telecom Net.Time – PTP/NTP Clock Introduction The ALBEDO Telecom Net.Time – PTP/NTP Clock is a critical device used in various industries for precise time synchronization. This article delves into…
“`html On April 11, 2025, the Australian Cyber Security Centre (source) released an alert regarding the exploitation of existing vulnerabilities in Fortinet products. These vulnerabilities pose significant threats to IT infrastructure, potentially allowing attackers unauthorized access to sensitive data and…
BADBAZAAR and MOONSHINE: Technical Analysis and Mitigations BADBAZAAR and MOONSHINE: Technical Analysis and Mitigations In April 2025, the cybersecurity community identified two significant threats: BADBAZAAR and MOONSHINE. These threats have caused substantial concern due to their sophisticated nature and potential…
BADBAZAAR and MOONSHINE: Targeting Vulnerable Communities BADBAZAAR and MOONSHINE: Spyware Targeting Uyghur, Taiwanese and Tibetan Groups and Civil Society Actors Cyber threats targeting specific ethnic and civil society groups have become increasingly sophisticated and targeted. BADBAZAAR and MOONSHINE are two…
Critical Vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways (CVE-2025-22457) Critical Vulnerability in Pulse/Ivanti Connect Secure, Policy Secure and Neurons for ZTA Gateways (CVE-2025-22457) Overview A critical vulnerability has been identified in Pulse/Ivanti Connect Secure, Policy…
“`html Fast Flux is an advanced technique used by cybercriminals to enhance the resilience and longevity of malicious infrastructure. This method involves rapidly changing DNS records to obfuscate the true location of servers hosting malicious content, making it difficult for…
Critical Vulnerabilities in Ingress-NGINX Controller for Kubernetes Critical Vulnerabilities in Ingress-NGINX Controller for Kubernetes On March 26, 2025, a significant cybersecurity advisory was released regarding critical vulnerabilities found in the Ingress-NGINX Controller for Kubernetes. The Australian Cyber Security Centre (ACSC)…
Next.js Authentication Bypass Vulnerability (CVE-2025-29927) Next.js Authentication Bypass Vulnerability (CVE-2025-29927) Introduction A critical vulnerability has been discovered in Next.js, a popular React-based framework for building web applications. Identified as CVE-2025-29927, this authentication bypass vulnerability poses significant risks to applications using…
“`html Introduction Recently, there has been a noticeable surge in Denial-of-Service (DoS) attacks targeting Australian organisations. According to the Australian Cyber Security Centre (ACSC), these attacks have significantly compromised the availability of services, impacting businesses and consumers alike. [Source: ACSC…