Security Bulletin

Hardcoded credentials, access tokens, and API keys are ending up in the darnedest places, prompting a call for organizations to stop over-privileging secrets.

NSO Group must pay $4 million in damages and is permanently prohibited from reverse-engineering WhatsApp or creating new accounts after targeting users with spyware.

As AI raises the stakes for energy efficiency, precision is paramount. Discover how Cisco researchers have achieved a breakthrough in power measurement accuracy—paving the way for substantially smarter infrastructure decision-making.

Discover how leading IT teams are transforming wireless networks with AI-driven intelligent automation, real-time optimization, and streamlined access control. Learn about the latest Cisco innovations that deliver seamless, secure, and reliable Wi-Fi...

Starting yesterday, some of our honeypots received POST requests to "/cgi-bin/webctrl.cgi", attempting to exploit an OS command injection vulnerability:

Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros.

CVE: CVE-2025-8677 Title: Resource exhaustion via malformed DNSKEY handling Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND Supported...

CVE: CVE-2025-40780 Title: Cache poisoning due to weak PRNG Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.16.0 -> 9.16.50 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND Supported...

CVE: CVE-2025-40778 Title: Cache poisoning attacks with unsolicited RRs Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.11.0 -> 9.16.50 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND...

Discover how Cisco’s AI-ready solutions are empowering higher education institutions to securely unlock the full potential of AI—visit us at EDUCAUSE 2025 and lead your campus into the future.

Megjelent a 2025. 43. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.10.17. és 2025.10.21. között kezelt incidensek, valamint az elosztott kormányzati IT biztonsági csapdarendszerből (GovProbe1) származó adatok statisztikai eloszlását is...