Security Bulletin

Megjelent a SANS és a Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézet közös kiadványának 2025. decemberi száma, melyben bemutatjuk azt a négy egyszerű, de hatékony lépést, mellyel biztonságosabbá tehetjük online jelenlétünket.

A Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézet (NBSZ NKI) riasztást ad ki a React és Next.js szoftvereket érintő, két, kritikus súlyosságú, távoli kódfuttatást lehetővé tevő sérülékenység kapcsán.

Iran's top state-sponsored APT is usually rather crass. But in a recent spate of attacks, it tried out some interesting evasion tactics, including delving into Snake, an old-school mobile game.

The China-based cyber-threat group has been quietly using malicious extensions on the Google Chrome and Microsoft Edge marketplaces to spy on millions of users.

The vulnerability, which was assigned two CVEs with maximum CVSS scores of 10, may affect more than a third of cloud service providers.

The suit alleges the Chinese retailer's app secretly accesses and harvests users' sensitive information without their knowledge or consent.

Ransomware groups target enterprises during off-hours, weekends, and holidays when security teams are stretched thin and response times lag.

Water Saci has upgraded its self-propagating malware to compromise banks and cryptocurrency exchanges by targeting enterprise users of the popular chat app.

While satellite constellations — such as Starlink — are resilient, 2,000 drones could cut communications to a region the size of Taiwan, researchers find.

Is the new privacy protocol helping malicious actors more than Internet users?

New Fooder loader and memory-only tactics suggest MuddyWater has evolved from its usual noisy ops to more stealthy espionage operations.