Security Bulletin

Researchers say the advanced framework was built almost entirely by agents, marking a significant evolution in the use of AI to develop wholly original malware.

Hackers are already leveraging these over-permissioned programs to access the IT systems of major security vendors.

A Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézet (NBSZ NKI) riasztást ad ki az MVM Next Energiakereskedelmi Zrt. nevével és arculati elemeivel visszaélő, adathalász hivatkozást tartalmazó szöveges üzenetek (SMS) terjedése kapcsán.

Tájékoztató a 2026. évi választásokkal összefüggésben.

The attack consists of a NexShield malicious browser extension, a social engineering technique to crash the browser, and a Python-based RAT.

The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.

Familiar bugs in a popular open source framework for AI chatbots could give attackers dangerous powers in the cloud.

The indirect prompt injection vulnerability allows an attacker to weaponize invites to circumvent Google's privacy controls and access private data.

Researchers found the popular model context protocol (MCP) servers, which are integral components of AI services, carry serious vulnerabilities.

ChatGPT Health promises robust data protection, but elements of the rollout raise big questions regarding user security and safety.

CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.

Security professionals are moving on up the executive ranks as enterprises face rising regulatory and compliance standards.