Biztonsági szemle

Cyber Security News reports that malicious actors could exploit a new low-severity vulnerability in Apache Tomcat's CGI servlet, tracked as CVE-2025-46701, to circumvent security configuration under certain conditions.

Apple's Safari web browser was discovered to have a Fullscreen API security issue, which could be abused to enable fullscreen browser-in-the-middle intrusions concealing the address bar of the parent window, reports BleepingComputer.

Malicious job offers from fashion and beauty brands Bershka, John Hardy, Fragrance Du Bois, and Dear Klairs have been used to deploy the PureHVNC remote access trojan as part of a multi-stage phishing campaign last year, GBHackers News reports.

Identification and analysis efforts have been evaded for weeks by a new Windows remote access trojan through the use of corrupted Disk Operating System and Portable Executable headers, which could have provided more insights regarding the executable...

Investment, banking, energy, and insurance organizations around the world are having their chief financial officers and other finance executives subjected to a spear-phishing campaign distributing the NetBird malware, reports GBHackers News.

A 2025. 22. hetére vonatkozó hírválogatás, amely az NBSZ NKI által 2025.05.23. és 2025.05.29. között kezelt incidensek statisztikai adatait is tartalmazza.

In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

DShield honeypots [1] receive different types of attack traffic and the volume of that traffic can change over time. I've been collecting data from a half dozen honeypots for a little over a year to make comparisons. This...

More than a third of CISOs at Fortune 200-level organizations report considering a job change.

At this year's Build developer conference, Microsoft reflected on what the company learned about securing features and writing secure code in the early 2000s.

New guidance includes a list of 10 best practices to protect sensitive data throughout the AI life cycle, as well as tips to address supply chain and data-poisoning risks.