Biztonsági szemle

The 2025 Global Threat Landscape Report shows cloud breaches now commonly begin with over-permissioned accounts, credential leaks in public code repositories, and unauthorized logins from unfamiliar geographies.

What was once a manageable trade-off for agility and innovation, such as vendor lock-in or outages, is now overshadowed by broader concerns, including data seizure and unpredictable pricing.

More than 40 security flaws have been patched by Apple as part of the macOS Sequoia 15.5 update, many of which could be exploited to obtain sensitive data access, GBHackers News reports.

Patches have been released by ASUS for a pair of security bugs impacting its DriverHub tool, which could be exploited to facilitate remote code execution, reports The Hacker News.

The Register reports that Microsoft has committed to remediating security issues impacting Microsoft 365 apps on Windows 10 until Oct. 10, 2028, or a little over three years after it ends Windows 10 support.

Six percent of organizations around the world were compromised with the FakeUpdates malware, also known as SocGholish, making it the most prevalent malicious payload in April, Hackread reports.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hitachi Energy Equipment: Relion 670/650/SAM600-IO Series Vulnerability: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') 2. RISK EVALUATION...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: ABB Equipment: Automation Builder Vulnerabilities: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of these...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.4 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: MACH GWS products Vulnerabilities: Improper Neutralization of Special Elements in Data Query Logic, Improper Limitation...

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-30400 Microsoft Windows DWM Core Library Use-After-Free Vulnerability CVE-2025-32701 Microsoft Windows Common...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Service Suite Vulnerabilities: Use of Less Trusted Source, Inconsistent Interpretation of HTTP Requests ('HTTP Request...