Security Bulletin

Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.

Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.

Security often lags behind innovation. The path forward requires striking a balance.

Four flaws in the basic software for Gigabyte motherboards could allow persistent implants, underscoring problems in the ways firmware is developed and updated.

A 2025. 29. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.07.11. és 2025.07.17. között kezelt incidensek statisztikai adatait is tartalmazza.

A interesting phishing attempt was reported by a contact. It started with a simple email that looked like a voice mail notification like many VoIP systems deliver when the call is missed. There was a WAV file attached to the mail[ 1].

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Chinese threat actors have turned to cyberattacks as a way to undermine and destabilize Taiwan's most important industrial sector.

Cisco just disclosed a critical severity flaw in its ISE and ISE-PIC products, joining two similar bugs disclosed last month.

Security teams aren't patching firmware promptly, no one's vetting the endpoints before purchase, and visibility into potential dangers is limited — despite more and more cyberattackers targeting printers as a matter of course.

The suspect faces three charges for his alleged crimes that could earn him up to five years in federal prison, and a heap of fines.

Cisco Solution Validation Services (SVS) are a critical component of the solution lifecycle. See the difference validation can make—not just in preventing costly failures like misconfigured security policies, incompatible integrations, or performance...