No recent events yet!
ngCERT is aware of Microsoft Corporation’s announcement of the End-of-Support (EOS) for Windows 10 on October 14, 2025. After this date, Microsoft will no longer provide security updates, technical support, or bug fixes for the Windows 10 operating system (OS). This advisory highlight the security risks associated with the continued use of Windows 10 post-EOS and provides mitigation strategies for organizations and individuals.
ngCERT is aware of a critical Remote Code Execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS), a widely used email and collaboration platform. The flaw dubbed (CVE-2024-45519), allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. Successful exploitation could result to system compromise, data theft, and malware infiltration among other malicious activities. Accordingly, users and systems administrators are advised to take proactive steps to safeguard their systems against exploits by threat actors.
ngCERT is aware of an increase in Android.Vo1d malware infections within the Nigerian cyberspace. Android.vo1d otherwise known as Void is a recent android trojan campaign reported to have infected over 1.3 million Android TV boxes worldwide, including Nigeria. The malware is identified as a sophisticated backdoor capable of secretly downloading and installing malicious applications on infected devices, particularly those running outdated Android operating systems. Android.vo1d poses a major risk to Android TV box users, with implications on system compromise and takeover, as well as data exfiltration among other negative impacts. Consequently, ngCERT strongly advises individuals and organizations to take immediate steps to safeguard their systems and data from this emerging threat.
ngCERT has observed the emergence of a critical Fortinet OS & FortiProxy Authentication Bypass Vulnerability tagged (CVE-2024-55591). This flaw allows attackers to execute remote code on affected systems, which can result in full system compromise. Exploiting this flaw can lead to data breaches, privilege escalation, and service disruption. Reportedly, the weakness is identified with a CVSSv3 score of 9.6, with records of active exploitation in the wild. In this regard, users are strongly advised to apply the available patches provided by Fortinet, while emplacing necessary measures to safeguard their systems.
ngCERT is issuing an urgent security alert regarding the infiltration of ViperSoftX malware within Nigerian cyberspace. ViperSoftX is a JavaScript-based Remote Access Trojan (RAT) capable of stealing sensitive information like banking and cryptocurrency details while evading detection and analysis on an infected system. Cybercriminals distribute this malware through infected email attachments, malicious online advertisements, social engineering, and cracked software. When successfully deployed on a system, the Trojan could be used for several malicious activities, leading to system compromise, data exfiltration, financial losses, identity theft, and ransomware attacks. ngCERT advises individuals and organizations to take immediate steps to protect their systems and data from ViperSoftX malware.
