Biztonsági szemle
2025. Júl. 3.
Biztonsági szemle
CISA: Attacks exploiting TeleMessage bugs ongoing
More severe of the vulnerabilities is the TM SGNL Spring Boot Actuator misconfiguration bug, tracked as CVE-2025-48927, which could be abused for memory dump downloads, while the other flaw, tracked as CVE-2025-48928, could be exploited to reveal...
2025. Júl. 3.
Biztonsági szemle
Maximum severity Cisco Unified CM vulnerability resolved
Affected by the vulnerability, which stems from the availability of static user credentials for root accounts during development, were Cisco Unified CM and Unified CM SME Engineering Special releases 15.0.1.13010-1 to 15.0.1.13017-1.
2025. Júl. 3.
Biztonsági szemle
Brazilian financial entities affected by cyberattack against tech provider
Threat actors behind the intrusion had leveraged breached client credentials to infiltrate C&M's systems and services, according to C&M Commercial Director Kamal Zogheib, who noted that an investigation into the incident alongside Brazil's central...
2025. Júl. 3.
Biztonsági szemle
Columbia University breach attributed to politically motivated hacker
Additional details regarding the possible political bent of the intrusion were not provided by a Columbia spokesperson, who noted an ongoing investigation into the attack's connection to the display of President Donald Trump's photo on multiple...
2025. Júl. 3.
Biztonsági szemle
Cyberattack impacts Surmodics operations
Investigation into the extent of the intrusion, which has not yet been claimed by a known threat actor, as well as efforts to recover other systems, are still underway following the restoration of critical systems, said Surmodics in a filing with the...
2025. Júl. 3.
Biztonsági szemle
Firefox store littered with crypto-pilfering extensions
Many of the fake extensions were trojanized open-source versions of cryptocurrency wallets that contain code facilitating the exfiltration of wallet keys and seed phrases, which could be leveraged for subsequent cryptocurrency asset draining...
2025. Júl. 3.
Biztonsági szemle
US sanctions 'bulletproof' hosting provider Aeza for cybercrime ops
Russia-based bulletproof hosting (BPH) service offers no-questions-asked access to servers.
2025. Júl. 3.
Biztonsági szemle
Qantas Airlines Breached, Impacting 6M Customers
Passengers' personal information was likely accessed via a third-party platform used at a call center, but didn't include passport or credit card info.
2025. Júl. 2.
Biztonsági szemle
Browser Extensions Pose Heightened, but Manageable, Security Risks
Attackers can abuse malicious extensions to access critical data, including credentials, but organizations can reduce the risks by raising awareness and enforcing strict policy controls.
2025. Júl. 2.
Biztonsági szemle
Incorrect links output by LLMs could lead to phishing, researchers say
AI models may fail to recognize social engineering content in training data and searches.
2025. Júl. 2.
Biztonsági szemle
Initial Access Broker Self-Patches Zero Days as Turf Control
A likely China-nexus threat actor has been exploiting unpatched Ivanti vulnerabilities to gain initial access to victim networks and then patching the systems to block others from breaking in to the same network.
2025. Júl. 2.
Biztonsági szemle
OWASP unpacks GenAI security’s biggest risks to LLMs
Explore the Top 10 vulnerabilities and mitigation strategies shaping the future of secure generative AI development — starting with prompt injection.