Security Bulletin

Such a new FCC unit also aims to address security weaknesses leveraged by nation-states.

CVE-2025-21590 was disclosed by Google's Mandiant team to have been exploited by Chinese cyberespionage hacking group UNC3886.

Intrusions by the Mirai-based botnets involved the targeting of devices with default credentials.

More than a third of the intrusions last month were attributed to the Clop ransomware operation.

Exposed login panels for VPNs and remote access systems leave companies open to attack, sometimes tripling the risk of ransomware and making it harder to get cyber insurance.

Both vulnerabilities originate from the differences in XML parsing between REXML and Nokogiri.

Attackers behind the OBSCURE#BAT use fake CAPTCHAs in typosquatted domains and spoofed software.

A 2025. 11. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.03.07. és 2025.03.13. között kezelt incidensek statisztikai adatait is tartalmazza.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Keyfactor research finds that about 18% of RSA-based digital certificates have flaws ranging from trivial to very serious. A new tool promises to find them.

The “SuperBlack” ransomware leverages the LockBit 3.0 builder with a custom encryption tool.

A novel twist on social engineering attacks is causing havoc for hospitality providers