Biztonsági szemle

While cost predictability and vendor lock-in remain concerns, GTT’s survey of U.S. and European enterprise leaders indicates that over half of AI workloads are now hosted in private cloud or on-premise environments.

The flaw, tracked as CVE-2025-20286, arises from improperly generated static credentials that are reused across identical ISE versions on the same cloud platform, such as AWS, Azure, and Oracle Cloud Infrastructure.

As enterprises accelerate adoption of hybrid, multi-cloud, and edge infrastructures, their security strategies are falling behind, leaving critical vulnerabilities unaddressed.

After scanning billions of assets across major providers like AWS and Azure, researchers found that each asset averages 115 vulnerabilities, with many dating back over a decade.

Backdoors lurking in legitimate-looking code contain file-deletion commands that can destroy production systems and cause massive disruptions to software supply chains.

SSH keys enable critical system access but often lack proper management. This security blind spot creates significant risk through untracked, unrotated credentials that persist across your infrastructure.

Order could have a ripple effect on private-sector identity management for contractors.

The package uses Japanese Unicode characters, hex encoding, Base64 and more to hide its actions.

The White House put limits on cyber sanctions, killed the digital ID program, and refocused the government's cyber activities to enabling AI, rolling out post-quantum cryptography, and promoting secure software design.

The AI company's investigative team found that many accounts were using the program to engage in malicious activity around the world, such as employment schemes, social engineering, and cyber espionage.

Since at least December, the advanced persistent threat (APT) group has been using legit tools to steal data, dodge detection, and drop cryptominers on systems belonging to organizations in Russia.