Biztonsági szemle

Previously, Microsoft reported that Storm-2460 had also used the privilege escalation bug to deploy ransomware on organizations in several countries.

Researchers from Aon's Stroz Friedberg incident response firm discovered a new attack type, known as "Bring Your Own Installer," targeting misconfigured SentinelOne EDR installs.

Advisory points to poor cyber hygiene in these sectors and acceleration of attacks via AI.

The flaw, first disclosed by Amazon researcher Keyi Li in April 2025, stems from insecure deserialization in the parquet-avro module, allowing remote code execution under specific conditions.

Coralogix has introduced a new feature called Continuous Profiling, aimed at delivering real-time, always-on insights into application performance without requiring code modifications or compromising system stability.

Pax8 has appointed Chance Weaver as its new vice president of AI adoption for the Americas.

Designed for SaaS developers, Tesseral’s open-source platform aims to eliminate the need for in-house authentication builds by offering enterprise-grade tools that support standards like SAML and SCIM.

Google Cloud had the highest cloud vulnerability prevalence among major cloud service providers, with 38% of Google Cloud-hosted assets having at least one security flaw, according to the CyCognito report.

Aside from the monetary penalty, Todd Snyder will also reconfigure its privacy portal to ensure the adoption of appropriate customer opt-out mechanisms.

Such a jury ruling, which is set to be appealed by NSO Group, was hailed by WhatsApp to be "the first victory" against illegal spyware development and usage.