Biztonsági szemle

An SQL injection exploit exposed the users and owner of CatWatchful stalkerware.

Attackers aren’t breaching firewalls — they’re slipping instructions into prompts. Here’s why OWASP named prompt injection the top GenAI risk, and what it means for security teams.

A successful exploit could let an attacker log-in as the root user.

You can’t patch prompt injection, but you can outsmart it. OWASP’s latest guidance lays out a layered defense strategy for building safer, more resilient GenAI applications.

Deloitte's new blueprint looks to bridge the gap between the massive push for AI adoption and a lack of preparedness among leaders and employees.

As attacks on software supply chains and third parties increase, more data on critical software and infrastructure services is being advertised and sold on the Dark Web.

The Anti-Phishing Working Group observed how attackers are increasingly abusing QR codes to conduct phishing attacks or to trick users into downloading malware.

Malicious extensions can be engineered to bypass verification checks for popular integrated development environments, according to research from OX Security.

Such investigation has been confirmed by DigitalMint, which promptly moved to terminate the employee following the accusations but has not provided details regarding the suspect's arrest.

Microsoft, PayPal, Docusign, and others are among the trusted brands threat actors use in socially engineered scams that try to get victims to call adversary-controlled phone numbers.

Threat actors could leverage the flaw — which stems from inadequate value sanitization conducted by the Forminator plugin's function for saving form entry fields to the database — to remove specific arbitrary files on the server upon the removal of a...

More severe of the vulnerabilities is the TM SGNL Spring Boot Actuator misconfiguration bug, tracked as CVE-2025-48927, which could be abused for memory dump downloads, while the other flaw, tracked as CVE-2025-48928, could be exploited to reveal...