Biztonsági szemle

Multiple aliases have been leveraged by the hacker in conducting intrusions against the United Nations, the International Civil Aviation Organization, the Guardia Civil, and other public and private entities, which had their data stolen and sold in...

Such a vulnerability — which stems from a USB Video Class driver out-of-bounds write issue that could be exploited for privilege escalation — may have been used by forensic data extraction tools, according to the GrapheneOS development team.

The Dallas suburb noted in an online notice that the incident resulted in the compromise of names, addresses, Social Security numbers, credit card details, driver's license numbers, medical insurance data, and financial account details.

Information exposed by the incident included names, birthdates, email addresses, and employment history, said ICAO in an updated statement that emphasized the delivery of breach notices to impacted individuals.

Attacks commenced with the delivery of phishing emails with a Dropbox link that downloads a ZIP archive containing an internet shortcut file with a TryCloudflare URL that fetches an LNK file for further compromise, a report from Forcepoint X-Labs...

After luring targets into providing their curriculum vitae or GitHub link for fake cryptocurrency, finance, or travel job offers, attackers proceed to share a malicious repository with the project's "minimum viable product," which executes nefarious...

When it comes to protecting your company from cyberattacks, you don't have to be the fastest gazelle — you just can't afford to be the slowest.

Learn what's available today for quantum-safe solutions, along with the viability of QKD, an emerging tech that spans the gap between the present and future.

CISA released six Industrial Control Systems (ICS) advisories on February 6, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-037-01 Schneider Electric EcoStruxure...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.6 ATTENTION: Exploitable remotely/low attack complexity/known public exploitation Vendor: Trimble Equipment: Cityworks Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful...

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.1 ATTENTION: Exploitable remotely Vendor: Schneider Electric Equipment: EcoStruxure Power Monitoring Expert (PME) Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of...

CISA has added five vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability CVE-2022-23748 Dante Discovery Process Control Vulnerability CVE...