Biztonsági szemle

A compromised developer's repository serves as a worm-like infection vector to spread remote access Trojans (RATs) and other malware.

IT has long been concerned about ensuring systems receive the right amount of electricity. Cyberattackers are realizing they can manipulate voltage fluctuations for their purposes, too.

A cautionary tale illustrates why the person negotiating should never be involved with any part of the ransom payment process, experts noted.

Three proof-of-concept exploits are being used in active attacks against Microsoft's built-in security platform; two are unpatched.

The critical remote code execution flaw (CVE-2026-1731) in the remote monitoring and management tool can be exploited to spread ransomware and compromise supply chains.

The prompt injection vulnerability in the agentic AI product for filesystem operations was a sanitization issue that allowed for sandbox escape and arbitrary code execution.

China is spying on India's financial sector, for some reason, and it's not putting much effort into it, judging by some stale TTPs.

Stolen OAuth tokens, which are at the root of these breaches, "are the new attack surface, the new lateral movement," a researcher noted.

The OT devices that translate machine talk into Internet-speak are riddled with vulnerabilities and more frequently targeted for attacks, researchers say.

Strangers can infer limited info about you without knowing or messaging you, which could theoretically aid certain kinds of malicious activity.

Industry and ad hoc coalitions appear poised to help fill the gap created by NIST's decision to cut back on CVE data enrichment.

In embracing device code phishing, attackers trick victims into handing over account access by using a service's legitimate new-device login flow.