Advisories by BGD e-GOV CIRT

Post Image
Ghost Phishing: AES-GCM Encrypted Lures and EvilTokens Device-Code Phishing-as-a-Service Kit Targeting Microsoft 365 Accounts
The OAuth 2.0 Device Authorization Grant ("device code flow") is a legitimate authentication mechanism designed for devices with limited input capabil....
13-Jul-2026 15:15:00
Read Details
Post Image
AI-Branded Social Engineering, Phishing, and Malware Delivery Campaigns
The activity spans several delivery models, including phishing emails with urgent account or billing themes, adversary-in-the-middle token theft flows....
09-Jul-2026 11:00:00
Read Details
Post Image
FortiBleed Campaign Exposes FortiGate Devices in Bangladesh with Credential Compromise
The campaign targets FortiGate SSL-VPN and management interfaces to obtain sensitive information, including user credentials, session data, authentica....
07-Jul-2026 15:30:00
Read Details
Post Image
INC Ransomware Expands Cross-Platform Capabilities Targeting Enterprise and Mainframe Infrastructure Across the Asia-Pacific Region
The exposed attacker infrastructure contained ransomware payloads, Active Directory reconnaissance data, Group Policy deployment scripts, credential t....
05-Jul-2026 15:00:00
Read Details
Post Image
AsyncRAT Malware Campaign Leveraging Fraudulent Gambling Infrastructure Targeting Bangladesh
The campaign combines malware delivery, remote access capabilities, and deceptive financial fraud tactics, where threat actors disguise malicious payl....
17-May-2026 16:00:00
Read Details
Post Image
Web Defacement Artifacts on Bangladesh Government Infrastructure Potentially Linked to Global Magento Exploitation Campaign
Cyber Threat Intelligence Unit of BGD e-Gov CIRT has identified multiple Bangladesh government web domains hosting suspicious artifact files such as g....
03-May-2026 16:00:00
Read Details