Security Bulletin
30 May 2025
Biztonsági szemle
Unimed platform misconfiguration exposes 14M patient-doctor communications
Brazil-based Unimed, which is the largest healthcare cooperative worldwide, had at least 14 million patient conversations with doctors and its chatbot "Sara" leaked by an unsecured instance of the open-source real-time data transmission platform...
30 May 2025
Biztonsági szemle
Apache Tomcat security defenses potentially evaded with CGI servlet bug
Cyber Security News reports that malicious actors could exploit a new low-severity vulnerability in Apache Tomcat's CGI servlet, tracked as CVE-2025-46701, to circumvent security configuration under certain conditions.
30 May 2025
Biztonsági szemle
Fullscreen BitM intrusions possible with Safari flaw
Apple's Safari web browser was discovered to have a Fullscreen API security issue, which could be abused to enable fullscreen browser-in-the-middle intrusions concealing the address bar of the parent window, reports BleepingComputer.
30 May 2025
Biztonsági szemle
PureHVNC RAT distributed via job lures in new phishing attack
Malicious job offers from fashion and beauty brands Bershka, John Hardy, Fragrance Du Bois, and Dear Klairs have been used to deploy the PureHVNC remote access trojan as part of a multi-stage phishing campaign last year, GBHackers News reports.
30 May 2025
Biztonsági szemle
Corrupted headers conceal novel Windows RAT
Identification and analysis efforts have been evaded for weeks by a new Windows remote access trojan through the use of corrupted Disk Operating System and Portable Executable headers, which could have provided more insights regarding the executable...
30 May 2025
Biztonsági szemle
NetBird malware spread in advanced finance exec-targeted spear-phishing
Investment, banking, energy, and insurance organizations around the world are having their chief financial officers and other finance executives subjected to a spear-phishing campaign distributing the NetBird malware, reports GBHackers News.
30 May 2025
Biztonsági szemle
'Everest Group' Extorts Global Orgs via SAP's HR Tool
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
30 May 2025
Biztonsági szemle
The million-dollar CISO: Report reveals high pay, low satisfaction
More than a third of CISOs at Fortune 200-level organizations report considering a job change.
30 May 2025
Biztonsági szemle
From Code Red to Rust: Microsoft's Security Journey
At this year's Build developer conference, Microsoft reflected on what the company learned about securing features and writing secure code in the early 2000s.
29 May 2025
Biztonsági szemle
NSA, CISA Urge Organizations to Secure Data Used in AI Models
New guidance includes a list of 10 best practices to protect sensitive data throughout the AI life cycle, as well as tips to address supply chain and data-poisoning risks.
29 May 2025
Biztonsági szemle
Victoria's Secret Goes Offline After 'Incident' Claims
The lingerie retailer isn't revealing much about the security incident it's dealing with but has brought in third-party experts to address the issue.