Biztonsági szemle

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Incorrect...

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-31324 SAP NetWeaver Unrestricted File Upload Vulnerability These types of vulnerabilities are frequent attack...

CISA released three Industrial Control Systems (ICS) advisories on April 29, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-119-01 Rockwell Automation...

Agentic AI promises a chef’s kitchen of options with each tool finely-designed to excel at the task at hand.

The number of vulnerabilities exploited by attacks may not be growing these days, but they are increasingly affecting enterprise technologies.

Facing surging attacks and an unpredictable AI future, Cisco, Microsoft, Trellix, and RSAC leadership call for a fundamental rethinking of cybersecurity defenses.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

VSI, VeriSource's parent company, said the investigation and notification process took over a year.

Safe-seeming cloud services like Google Drive and Trello have everything attackers need to remotely control infected hosts, and most defenders have no idea.

Silverfort's Hed Kovetz discusses the identity security playbook in a machine-driven world.

CVE-2025-31324 is a maximum severity bug that attackers exploited weeks before SAP released a patch for it.