Biztonsági szemle

BleepingComputer reports that security researchers have uncovered seven malicious Python Package Index packages leveraging Gmail's SMTP servers and encrypted WebSocket connections to exfiltrate data and execute remote commands on infected systems.

CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-34028 Commvault Command Center Path Traversal Vulnerability CVE-2024-58136 Yiiframework Yii Improper Protection...

Facing a politically motivated Justice Department investigation, former CISA director Chris Krebs was warmly welcomed at the RSAC conference as he led a panel discussion of national-security luminaries.

At RSAC 2025, SANS Institute experts warned that rising attack complexity, cloud privilege sprawl, and AI over regulation are converging into a perfect storm — and defenders may already be outpaced.

These five metrics that can help teams get to the bottom of the threats they face.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

AI skills are critical for any network engineer today. Here’s how to get them for free.

This year's top cyber challenges include cloud authorization sprawl, ICS cyberattacks and ransomware, a lack of cloud logging, and regulatory constraints keeping defenders from fully utilizing AI's capabilities.

A panelist of SANS Institute leaders detailed current threats and provided actionable steps for enterprises to consider.

Though they may have been out of the headlines in recent years, hacktivist groups that operate in alliance with the nation-state interests are as active and ever, and the coming year could see attacks reach new heights

Organizations can’t assume apps from the Apple and Google Play stores have been tested for security.

RDP, VPN, domain creds—everything’s for sale. Inside RSAC’s deep dive into the criminal brokers reshaping identity risk.