No recent events yet!
ngCERT has issued an urgent alert regarding a critical vulnerability (CVE-2024-44276, CVSS 9.1 – Critical) in Apple’s Password App for iOS 18, enabling attackers to hijack user sessions and steal sensitive credentials. The flaw originates from the app’s reliance on an insecure HTTP protocol for data transmission, allowing adversaries on shared networks (e.g., public Wi-Fi) to intercept unencrypted traffic and redirect users to malicious phishing sites. These fraudulent pages mimic legitimate services to harvest login credentials, financial data, and other personal information.
ngCERT is aware of Microsoft Corporation’s announcement of the End-of-Support (EOS) for Windows 10 on October 14, 2025. After this date, Microsoft will no longer provide security updates, technical support, or bug fixes for the Windows 10 operating system (OS). This advisory highlight the security risks associated with the continued use of Windows 10 post-EOS and provides mitigation strategies for organizations and individuals.
ngCERT is aware of a critical Remote Code Execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS), a widely used email and collaboration platform. The flaw dubbed (CVE-2024-45519), allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. Successful exploitation could result to system compromise, data theft, and malware infiltration among other malicious activities. Accordingly, users and systems administrators are advised to take proactive steps to safeguard their systems against exploits by threat actors.
ngCERT is aware of an increase in Android.Vo1d malware infections within the Nigerian cyberspace. Android.vo1d otherwise known as Void is a recent android trojan campaign reported to have infected over 1.3 million Android TV boxes worldwide, including Nigeria. The malware is identified as a sophisticated backdoor capable of secretly downloading and installing malicious applications on infected devices, particularly those running outdated Android operating systems. Android.vo1d poses a major risk to Android TV box users, with implications on system compromise and takeover, as well as data exfiltration among other negative impacts. Consequently, ngCERT strongly advises individuals and organizations to take immediate steps to safeguard their systems and data from this emerging threat.
ngCERT has observed the emergence of a critical Fortinet OS & FortiProxy Authentication Bypass Vulnerability tagged (CVE-2024-55591). This flaw allows attackers to execute remote code on affected systems, which can result in full system compromise. Exploiting this flaw can lead to data breaches, privilege escalation, and service disruption. Reportedly, the weakness is identified with a CVSSv3 score of 9.6, with records of active exploitation in the wild. In this regard, users are strongly advised to apply the available patches provided by Fortinet, while emplacing necessary measures to safeguard their systems.
