GitHub: How Code Provenance Can Prevent Supply Chain Attacks
Through artifact attestation and the SLSA framework, GitHub's Jennifer Schelkopf argues that at least some supply chain attacks can be stopped in their tracks.
Microsoft Patch Tuesday June 2025 (Tue, Jun 10th)
Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited, and another was publicly disclosed before today.
Despite deploying multiple solutions, many organizations struggle with alert fatigue and low threat detection accuracy, with 63% using over five tools but only 13% successfully correlating alerts.
While cost predictability and vendor lock-in remain concerns, GTT’s survey of U.S. and European enterprise leaders indicates that over half of AI workloads are now hosted in private cloud or on-premise environments.
The flaw, tracked as CVE-2025-20286, arises from improperly generated static credentials that are reused across identical ISE versions on the same cloud platform, such as AWS, Azure, and Oracle Cloud Infrastructure.
As enterprises accelerate adoption of hybrid, multi-cloud, and edge infrastructures, their security strategies are falling behind, leaving critical vulnerabilities unaddressed.