Biztonsági szemle

In the cybersecurity landscape, we all need hashes! A hash is the result of applying a special mathematical function (a “hash function”) that transforms an input (such as a file or a piece of text) into a fixed-size string or number. This output...

New regulations in the EU come online early in 2025, while state governments are expected to crack down on AI, security pros say.

Chinese state-sponsored threat operation Volt Typhoon, also known as Vanguard Panda, was regarded by CrowdStrike Senior Vice President of Counter Adversary Operations Adam Meyers to be among the more concerning China-linked threats after pre...

Ford Motor Company has disclosed having its account on X, formerly Twitter, breached following posts expressing pro-Palestine and anti-Israel sentiment on Monday.

Cybernews reports that MetLife was claimed to have been compromised by the RansomHub ransomware-as-a-service operation, which alleged the theft of 1 TB of data from the major global insurance company's systems. The insurance company, however, denied...

Over 15,800 GitHub repositories have been given 3.1 million inauthentic stars meant to bolster their legitimacy and reach, with almost 16% of repositories awarded 50 stars in July leveraged in malicious campaigns.

After facilitating initial access through the creation and uploading of a directed acrylic graph file to GitHub that enabled reverse shell deployment, threat actors could proceed to exploit the Kubernetes misconfiguration to achieve cluster takeovers...

Attacks using DoubleClickJacking commence with visits to a malicious site redirecting to a new tab or window without any user interaction, which will be followed by a CAPTCHA verification triggering a double-click that prompts the exploitation of the...

A novel technique to stump artificial intelligence (AI) text-based systems increases the likelihood of a successful cyberattack by 60%.

After obtaining credentials from code repositories, EC2 Grouper utilizes PowerShell and other AWS tools to initiate compromise before exploiting APIs to enable reconnaissance and resource provisioning, as well as establish unique security groups...

While Google Groups and LinkedIn reports noted the campaign to have commenced in early December, such an attack may have been tested since March as evidenced by command-and-control subdomains discovered by BleepingComputer.

SC Media's 2025 annual roundup of predictions, forecasts and warnings for the year ahead by top cybersecurity experts.