Security Bulletin

Starting yesterday, some of our honeypots received POST requests to "/cgi-bin/webctrl.cgi", attempting to exploit an OS command injection vulnerability:

Thanks to improving cybersecurity and law enforcement action from the West, Russia's government is reevaluating which cybercriminals it wants to give safe haven from the law.

The Iranian threat group is using a compromised mailbox accessed through NordVPN to send phishing emails that prompt recipients to enable macros.

CVE: CVE-2025-8677 Title: Resource exhaustion via malformed DNSKEY handling Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND Supported...

CVE: CVE-2025-40780 Title: Cache poisoning due to weak PRNG Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.16.0 -> 9.16.50 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND Supported...

CVE: CVE-2025-40778 Title: Cache poisoning attacks with unsolicited RRs Document version: 2.0 Posting date: 22 October 2025 Program impacted: BIND 9 Versions affected: BIND 9.11.0 -> 9.16.50 9.18.0 -> 9.18.39 9.20.0 -> 9.20.13 9.21.0 -> 9.21.12 BIND...

Discover how Cisco’s AI-ready solutions are empowering higher education institutions to securely unlock the full potential of AI—visit us at EDUCAUSE 2025 and lead your campus into the future.

Megjelent a 2025. 43. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.10.17. és 2025.10.21. között kezelt incidensek, valamint az elosztott kormányzati IT biztonsági csapdarendszerből (GovProbe1) származó adatok statisztikai eloszlását is...

People habitually ignore cybersecurity on their phones. Instead of compensating for that, organizations are falling into the very same trap, even though available security options could cut smishing success and breaches in half.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

After a particularly gruesome murder, South Korea issues "code black" travel ban for several regions in Cambodia, while other nations urge more raids.

Introduction The pace at which applications for artificial intelligence are evolving continues to impress. Businesses that once considered taking advantage of AI’s sophisticated predictive and natural language capabilities are now evaluating adoption...