TT-CSIRT – 453.24.09.25 – Shai-Hulud Self-Replicating Worm Supply Chain Compromise

Please be advised, CISA has issued a critical alert regarding a widespread supply chain attack involving npmjs.com, the largest JavaScript package registry. A self-replicating worm named “Shai-Hulud” has compromised over 500 npm packages. After initial access, the attacker-deployed malware scans for sensitive credentials such as GitHub Personal Access Tokens (PATs) and cloud service API […]

TT-CSIRT – 452.23.09.25 – Security Alert: New Inboxfuscation Tool That Bypasses Microsoft Exchange Inbox Rules and Evades Detection

Please be aware of a newly discovered, sophisticated attack framework called Inboxfuscation, developed by Permiso Security to demonstrate critical vulnerabilities in Microsoft Exchange inbox rule detection systems. This Unicode-based obfuscation technique enables the creation of malicious inbox rules that can completely evade traditional security monitoring and detection mechanisms, representing a significant advancement in email-based […]

TT-CSIRT – 451.13.09.25 – Malware Alert: Azure Function Abuse

Please be advised there has been a discovery of a highly evasive attack using a malicious ISO image named Servicenow-BNM-Verify.iso, containing four files, two openly visible and two hidden. The visible files include a Windows shortcut, servicenow-bnm-verify.lnk, which launches PanGpHip.exe, a legitimate Palo Alto Networks binary. Hidden are libeay32.dll, a genuine OpenSSL library, and […]

TT-CSIRT – 450.29.08.25 – FreePBX Vulnerability

Please be advised, a critical vulnerability has been discovered in the FreePBX Endpoint module, affecting versions 15, 16, and 17. The vulnerability arises from improper sanitization of user-supplied data, which can be exploited by unauthenticated attackers to gain unauthorized access to the FreePBX Administrator Control Panel. Successful exploitation can result in arbitrary database manipulation and remote […]

TT-CSIRT – 447.14.08.25 – Microsoft Office Vulnerabilities

Be advised, Microsoft released critical security updates addressing three serious vulnerabilities in Microsoft Office that could allow attackers to execute remote code on affected systems. The vulnerabilities, tracked as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, affect Microsoft Office versions 2016 – 2024, including Microsoft Office 2016, Office 2019, Office LTSC 2021, Office LTSC 2024, and Microsoft 365 […]

TT-CSIRT – 441.10.07.25 – Fortinet Security Advisories – SQL injection in GUI

Please be advised of the critical vulnerability CVE-2025-25257, which affects FortiWeb. This issue stems from improper handling of special characters in SQL commands, leading to a SQL Injection vulnerability (CWE-89). This vulnerability enables an attacker to execute unauthorized SQL code by sending specially crafted HTTP or HTTPS requests. Affected Versions and solutions: Version Affected Solution […]

TT-CSIRT – 440.09.04.25 – Fortinet Security Advisories

Please be advised of the following critical alert regarding multiple vulnerabilities affecting various Fortinet products, including FortiOS, FortiProxy, FortiManager, FortiAnalyzer, FortiVoice, and FortiWeb. These vulnerabilities could allow an unauthenticated attacker in a man-in-the-middle (MITM) position to impersonate the management device. Organizations utilizing affected Fortinet versions are urged to take immediate action. Impact: Successful exploitation of […]

TT-CSIRT – 439.09.04.25 – Security Update – FortiSwitch Vulnerability

Please be advised that Fortinet has released a security update to address a critical vulnerability (CVE-2024-48887) found in the FortiSwitch GUI. This vulnerability could enable a remote unauthenticated attacker to alter admin passwords through a specifically designed request. Impact / Affected Versions (Version – Affected – Solution): FortiSwitch 7.6 – 7.6.0 – Upgrade to 7.6.1 or above; FortiSwitch 7.4 – 7.4.0 […]

TT-CSIRT – 436.24.10.24 – Missing Authentication in FortiManager fgfmd

Fortinet has released a patch to address a critical vulnerability in their FortiManager product. This vulnerability allows threat actors to use a compromised FortiManager device to execute arbitrary code or commands via specially crafted requests against other FortiManager devices, through a missing authentication for critical function vulnerability [CWE-306] in the FortiManager fgfmd daemon. Reports have […]

TT-CSIRT – 435.26.09.24 – Phishing Alert

The Trinidad and Tobago Cyber Security Incident Response Team (TT-CSIRT) is aware of a phishing email originating from a GovNeTT user’s compromised email “akesha.hazel@gov[.]tt”. In this respect we are advising all persons not to engage with any emails received from the aforementioned email address with the following details: Persons who receive the email are advised […]