Security Bulletin

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Introduction

Tisztelt Ügyfelünk! A Nemzetbiztonsági Szakszolgálat Nemzeti Kiberbiztonsági Intézet riasztást ad ki több, elsősorban Windows-környezetre utaló állománynévhez és hash-értékhez kapcsolódó indikátorról. Az eddig ismert indikátorok az alábbiak: NAME MD5...

Microsoft Access files (Microsoft Office's Database) can contain VBA code.

TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub.

TeamPCP now operates across three package ecosystems in parallel, it reached GitHub's own internal codebase, it trojanized an officially Microsoft-published Python SDK, and it appears to have open-sourced its own framework on GitHub.

Wireshark release 4.6.6 fixes 1 vulnerability and 11 bugs.

This week, I&#x27m attending the SEC670[ 1] training (“Red Teaming Tools - Developing Windows Implants, Shellcode, Command and Control”). From my point of view, this training fits perfectly with FOR610 or FOR710 (malware analysis) because it...

The vulnerabilities, identified as CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910, allow for unauthorized system changes, path traversal for accessing underlying system files, and command injection attacks, respectively.

Cisco's research highlights several key issues with AI-generated reports, including inconsistency and standardization challenges due to LLMs using different data for each query and producing slightly different outcomes even with the same data.

New research from Checkmarx reveals that 75% of organizations admit to frequently or sometimes deploying code they are aware is vulnerable.