Biztonsági szemle

Malicious RubyGems pose as a legitimate plug-in for the popular Fastlane rapid development platform in a geopolitically motivated attack with global supply chain reach.

As cybercrime grows more structured and AI-powered, many enterprises remain dangerously unprepared, often lacking the threat intelligence needed to predict or counter increasingly sophisticated attacks, reports Frontier Enterprise.

The U.S. military’s cybersecurity defense headquarters has been elevated to a sub-unified command under U.S. Cyber Command, marking a significant step in fortifying the nation’s cyber defense posture, according to DefenseScoop.

Meta announced the takedown of three covert influence operations linked to China, Iran, and Romania, aimed at manipulating political narratives across multiple regions through fake accounts on Facebook, Instagram, and other platforms, according to...

The Record reports that a civilian IT specialist at the Defense Intelligence Agency was arrested in Virginia for allegedly attempting to leak classified information to a foreign government.

In response to mounting cybersecurity risks targeting critical infrastructure, two U.S. Senators have introduced a bipartisan bill aimed at bolstering cyber resilience across the energy sector.

FedScoop reports that the General Services Administration's identity verification platform Login.gov was found by the Government Accountability Office to have inadequate backup data testing processes, even if it excelled in metrics concerning data...

Attackers exploiting a critical Roundcube webmail software vulnerability concealed for a decade could achieve vulnerable system takeovers and arbitrary code execution, according to The Hacker News.

Sean Plankey and Sean Caincross, who were nominated by President Donald Trump to hold the Cybersecurity and Infrastructure Security Agency director and national cyber director positions, respectively, have been separately endorsed by a pair of...

Hackers are exploiting trusted authentication flows — like Microsoft Teams and IoT logins — to trick users into handing over access tokens, bypassing MFA and slipping undetected into corporate networks.