Security Bulletin
21 Jul 2025
Biztonsági szemle
Containment as a Core Security Strategy
We cannot keep reacting to vulnerabilities as they emerge. We must assume the presence of unknown threats and reduce the blast radius that they can affect.
21 Jul 2025
Biztonsági szemle
Tájékoztatás a PerfektBlue támadással kapcsolatos autóipari kiberkockázatokról
A Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézete (NBSZ NKI) felhívja a figyelmet a PerfektBlue néven ismertté vált sebezhetőségekre, amelyek a BlueSDK Bluetooth-keretrendszert érintik, és világszerte több millió jármű infotainment...
21 Jul 2025
Biztonsági szemle
How quickly do we patch? A quick look from the global viewpoint, (Mon, Jul 21st)
Since the ongoing âToolShellâ exploitation campaign, in which threat actors attack on-premise Sharpoint servers using a chain of two recently published vulnerabilities[ 1, 2, 3], is still on top of the cyber security news[ 4, 5, 6, 7], I thought...
21 Jul 2025
Biztonsági szemle
ISC Stormcast For Monday, July 21st, 2025 https://isc.sans.edu/podcastdetail/9534, (Mon, Jul 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
20 Jul 2025
Biztonsági szemle
Critical Sharepoint 0-Day Vulnerablity Exploited CVE-2025-53770 (ToolShell), (Sun, Jul 20th)
Microsoft announced yesterday that a newly discovered critical remote code execution vulnerability in SharePoint is being exploited. There is no patch available. As a workaround, Microsoft suggests using Microsoft Defender to detect any attacks. To...
18 Jul 2025
Biztonsági szemle
'PoisonSeed' Attacker Skates Around FIDO Keys
Researchers discovered a novel phishing attack that serves the victim a QR code as part of supposed multifactor authentication (MFA), in order to get around FIDO-based protections.
18 Jul 2025
Biztonsági szemle
Nearly 2,000 MCP Servers Possess No Security Whatsoever
Authentication in MCP — the backbone of agentic AI — is optional, and nobody's implementing it. Instead, they're allowing any passing attackers full control of their servers.
18 Jul 2025
Biztonsági szemle
3 Ways Security Teams Can Minimize Agentic AI Chaos
Security often lags behind innovation. The path forward requires striking a balance.
18 Jul 2025
Biztonsági szemle
Firmware Vulnerabilities Continue to Plague Supply Chain
Four flaws in the basic software for Gigabyte motherboards could allow persistent implants, underscoring problems in the ways firmware is developed and updated.
18 Jul 2025
Biztonsági szemle
Sajtószemle – 2025. 29. hét
A 2025. 29. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.07.11. és 2025.07.17. között kezelt incidensek statisztikai adatait is tartalmazza.
18 Jul 2025
Biztonsági szemle
Veeam Phishing via Wav File, (Fri, Jul 18th)
A interesting phishing attempt was reported by a contact. It started with a simple email that looked like a voice mail notification like many VoIP systems deliver when the call is missed. There was a WAV file attached to the mail[ 1].
18 Jul 2025
Biztonsági szemle
ISC Stormcast For Friday, July 18th, 2025 https://isc.sans.edu/podcastdetail/9532, (Fri, Jul 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.