News reader
VU#615987: Missing IPsec Integrity Protection for IMS SIP Signaling in Verizon VoLTE Deployments
VoLTE deployments on Verizon’s IMS network have historically lacked IPsec-based integrity protection for SIP signaling, contravening well-established requirements in 3GPP TS 33.203 and GSMA IR.92. As a result, SIP messages—including registration (REGISTER), call setup (INVITE), and messaging (MESSAGE)—were transmitted in plaintext without cryptographic guarantees of integrity or authenticity. Passive analysis of live traffic over multiple months confirmed the consistent absence of SIP Security Agreement headers and ESP traffic, indicating a systematic configuration decision rather than an isolated anomaly.
In response to repeated follow-up inquiries, Verizon stated on [insert date] that integrity support is “currently available at their request” and will be extended to all UEs “starting later this year.” Separately, the researchers recently observed that Apple’s iOS 26.5 carrier bundle (released May 11, 2026) includes IMS IPsec-related configuration entries—an indication that device-side support may now be active or enabled in newer software. While this change is promising, its real-world impact remains uncertain: there is no evidence yet that Verizon has modified its network to enforce IPsec, that the configuration is being activated per session, or that integrity is functionally operational in production deployments. Absent explicit verification (e.g., captured ESP traffic or official confirmation), this may reflect preparatory software changes rather than an end-to-end security upgrade.
The vulnerability remains active for the vast majority of Verizon VoLTE users during the unprotected period, and until network-level enforcement is observed and confirmed, the risk of on-path signaling manipulation endures.
Description
VU#615987.1
SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing Security-Client/Security-Server headers and ESP traffic), which allows an on-path attacker to compromise confidentiality, integrity, and authenticity of VoLTE signaling via passive monitoring and active manipulation of unsecured SIP messages over the radio and core network.
According to 3GPP TS 33.203 and GSMA IR.92, SIP signaling between the UE and P-CSCF in IMS networks must be protected using IPsec ESP with mandatory integrity following IMS AKA authentication. This protection is negotiated via SIP Security Agreement headers (Security-Client, Security-Server, Security-Verify) during registration and results in integrity-protected ESP traffic for all subsequent signaling messages.
However, observations conducted over several weeks on Verizon’s network showed no such headers in use. The REGISTER exchange lacked any security negotiation, and post-registration SIP traffic—including INVITE, MESSAGE, BYE, and UPDATE—traversed the network in plaintext over standard UDP/TCP, with no ESP encapsulation. This pattern was consistent across device models and network conditions, indicating a systemic configuration decision rather than a transient issue. The absence of integrity checking means any modification to SIP messages—including redirection of emergency calls or injection of fake message payloads—would go undetected by both the UE and the IMS core.
No technical justification for this deviation from globally adopted security practices has been provided by Verizon, and prior engagement failed to elicit a substantive response beyond the recent, non-binding commitment to future deployment.
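The observation the note rests on, that the REGISTER exchange carries no Security Agreement headers, is something a defender can check passively from captured signaling. The following is an added Python example and not part of the CERT/CC note or the researchers' tooling: it parses the headers of a registration exchange and reports whether Security-Client, Security-Server and Security-Verify (RFC 3329, as profiled by 3GPP TS 33.203) appeared and whether the ipsec-3gpp mechanism was negotiated. The SIP messages below are constructed for illustration, not captured traffic.

```python
# Added example, not from the CERT/CC note: a passive check that flags a SIP
# registration exchange carrying no Security Agreement headers.

SECURITY_CLIENT = "security-client"
SECURITY_SERVER = "security-server"
SECURITY_VERIFY = "security-verify"


def parse_sip_headers(message: str) -> dict:
    """Map lower-cased header name -> list of values, from the header block only."""
    head = message.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the request/status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def audit_register_exchange(messages: list) -> dict:
    """Given the messages of one registration exchange (initial REGISTER, 401
    challenge, protected REGISTER, 200 OK), report which security agreement
    headers appeared and whether an IPsec mechanism was negotiated."""
    seen = {SECURITY_CLIENT: False, SECURITY_SERVER: False, SECURITY_VERIFY: False}
    mechanisms = set()
    for msg in messages:
        hdrs = parse_sip_headers(msg)
        for name in seen:
            if name in hdrs:
                seen[name] = True
        # The mechanism name is the first token of each Security-* header value.
        for value in hdrs.get(SECURITY_CLIENT, []) + hdrs.get(SECURITY_SERVER, []):
            mechanisms.add(value.split(";", 1)[0].strip().lower())
    negotiated = seen[SECURITY_CLIENT] and seen[SECURITY_SERVER] and seen[SECURITY_VERIFY]
    return {
        "headers_seen": seen,
        "mechanisms": sorted(mechanisms),
        "ipsec_negotiated": negotiated and "ipsec-3gpp" in mechanisms,
    }


def _sip(start_line: str, *headers: str) -> str:
    """Constructed helper: assemble a minimal SIP message with CRLF line ends."""
    return "\r\n".join((start_line,) + headers + ("Content-Length: 0", "", ""))


# Constructed exchange in the shape the note describes: no security negotiation.
UNPROTECTED_EXCHANGE = [
    _sip("REGISTER sip:ims.example.test SIP/2.0", "Via: SIP/2.0/UDP 10.0.0.2:5060",
         "From: <sip:user@ims.example.test>;tag=1", "To: <sip:user@ims.example.test>",
         "Call-ID: c1", "CSeq: 1 REGISTER"),
    _sip("SIP/2.0 401 Unauthorized", "Call-ID: c1", "CSeq: 1 REGISTER",
         'WWW-Authenticate: Digest realm="ims.example.test", nonce="constructed", algorithm=AKAv1-MD5'),
    _sip("REGISTER sip:ims.example.test SIP/2.0", "Call-ID: c1", "CSeq: 2 REGISTER",
         'Authorization: Digest username="user", realm="ims.example.test", response="constructed"'),
    _sip("SIP/2.0 200 OK", "Call-ID: c1", "CSeq: 2 REGISTER"),
]

# Constructed exchange with the negotiation TS 33.203 requires.
PROTECTED_EXCHANGE = [
    _sip("REGISTER sip:ims.example.test SIP/2.0", "Call-ID: c2", "CSeq: 1 REGISTER",
         "Require: sec-agree", "Proxy-Require: sec-agree",
         "Security-Client: ipsec-3gpp; alg=hmac-sha-1-96; spi-c=23456789; spi-s=12345678; port-c=2468; port-s=1357"),
    _sip("SIP/2.0 401 Unauthorized", "Call-ID: c2", "CSeq: 1 REGISTER",
         "Security-Server: ipsec-3gpp; q=0.1; alg=hmac-sha-1-96; spi-c=98765432; spi-s=87654321; port-c=8642; port-s=7531"),
    _sip("REGISTER sip:ims.example.test SIP/2.0", "Call-ID: c2", "CSeq: 2 REGISTER",
         "Security-Verify: ipsec-3gpp; q=0.1; alg=hmac-sha-1-96; spi-c=98765432; spi-s=87654321; port-c=8642; port-s=7531"),
    _sip("SIP/2.0 200 OK", "Call-ID: c2", "CSeq: 2 REGISTER"),
]

if __name__ == "__main__":
    print("unprotected:", audit_register_exchange(UNPROTECTED_EXCHANGE))
    print("protected:  ", audit_register_exchange(PROTECTED_EXCHANGE))
```

A negative result from this check is only the header-level half of the evidence; as the note says, the other half is whether post-registration signaling actually travels inside ESP, which is a transport-layer observation this parser does not make.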
Impact
The lack of IPsec integrity protection enables on-path attackers—including those controlling femtocells, compromised base stations, or IMS intermediaries—to intercept, modify, replay, or inject SIP messages without detection. These capabilities permit call hijacking, spoofing of SMS-over-IMS, denial-of-service through forged BYE or CANCEL, and manipulation of emergency call routing—without requiring compromise of the UE, SIM, or backend infrastructure. Because SIP signaling lacks cryptographic integrity, all such modifications go unnoticed by both the UE and the IMS core, undermining core security assumptions of VoLTE. While the recently observed iOS 26.5 configuration change may signal progress toward a more secure implementation, its operational impact is yet to be demonstrated; until then, the risk remains real and unmitigated for users on unprotected deployments.
Solution
Until the vulnerability is fully mitigated by Verizon, users and enterprises should continue to assume VoLTE signaling is untrusted for high-assurance operations.
Acknowledgements
Thanks to DongWon Lee, Jeongmin Choi, and CheolJun Park from Kyung Hee University for their thorough technical report, persistent follow-up efforts, and the additional observation regarding iOS 26.5. Their work has significantly advanced the understanding of this issue and helped keep the discussion grounded in observable behavior.
This AI-assisted document was written by Timur Snoke.
VU#265691: Appsmith's SQL query autocomplete renderer contains a cross-site scripting vulnerability
A stored cross-site scripting (XSS) vulnerability has been discovered in Appsmith, specifically in the CodeMirror-based SQL query editor's autocomplete renderer. CVE-2026-7299 has been assigned to track the vulnerability. An attacker with developer-level access to a shared PostgreSQL datasource can inject arbitrary JavaScript by creating malicious database objects whose names contain XSS payloads. Successful exploitation leads to arbitrary JavaScript execution in the browser of any workspace member who triggers SQL autocomplete, enabling session hijacking, privilege escalation, or credential theft. Version 2.1 of Appsmith fixes CVE-2026-7299.
Description
Appsmith is an open-source, low-code platform intended to allow developers to build internal tools, dashboards, and applications using a UI builder, database and API integrations, and JavaScript customization. Appsmith can be deployed either self-hosted or in the cloud. A vulnerability, tracked as CVE-2026-7299, has been discovered that allows XSS within the SQL query editor's autocomplete function.
The vulnerability description is below.
CVE-2026-7299
Appsmith's SQL query editor's autocomplete functionality fails to sanitize database object names before rendering them in innerHTML, allowing an authenticated Developer to inject persistent XSS via malicious table or column names, triggering arbitrary code execution in the sessions of other workspace members when they interact with the same datasource.
This vulnerability requires an account with developer access. A developer Appsmith account is an account designed to create, edit, and delete apps within the workspace it is assigned to. When an administrator opens the SQL editor and triggers autocomplete (e.g., by typing SELECT * FROM), the payload stored in the malicious table name executes in the administrator's session, which can allow for privilege escalation.
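The defect is the classic one of treating untrusted data (here, names read back from a database catalog) as markup. The following is an added Python example and not Appsmith's code: it shows the vulnerable interpolation beside the escaped form that an autocomplete renderer should use, plus a small audit that lists catalog names containing HTML-significant characters. The catalog names and the payload-bearing name are constructed for illustration.

```python
# Added example, not Appsmith code: unsafe vs. escaped rendering of catalog
# names into hint markup, and an audit of names that contain markup characters.
import html

# Constructed object names, in the shape a catalog listing might return them.
CATALOG_NAMES = [
    "users",
    "orders",
    'users<img src=x onerror="alert(1)">',  # constructed payload-bearing name
]


def render_hint_unsafe(name: str) -> str:
    """Vulnerable pattern: the raw name is interpolated into markup that will be
    assigned to innerHTML, so any markup inside the name becomes live DOM."""
    return '<span class="cm-hint">' + name + '</span>'


def render_hint_safe(name: str) -> str:
    """Hardened pattern: escape before interpolation so the name renders as text.
    With a DOM at hand, creating the element and setting textContent is equivalent."""
    return '<span class="cm-hint">' + html.escape(name, quote=True) + '</span>'


def markup_bearing_names(names) -> list:
    """Defender check: catalog entries whose names contain HTML-significant
    characters and therefore deserve review before any UI renders them."""
    return [n for n in names if any(c in n for c in '<>&"\'')]


if __name__ == "__main__":
    for n in CATALOG_NAMES:
        print("unsafe:", render_hint_unsafe(n))
        print("safe:  ", render_hint_safe(n))
    print("review:", markup_bearing_names(CATALOG_NAMES))
```

Escaping at the rendering boundary is the fix that holds regardless of which datasource the names come from; the audit function is only a way to find already-stored names that a shared datasource may carry.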
Impact
Successful exploitation of CVE-2026-7299 leads to arbitrary code execution in the browser of any workspace member who triggers SQL autocomplete, enabling session hijacking, privilege escalation, or credential theft.
Solution
Version 2.1 of Appsmith fixes this vulnerability. Users should update their installations as soon as possible.
Acknowledgements
Thanks to the reporter, Stuart Beck. This document was written by Christopher Cullen.
vrf26-04-DQBSN_exploit.py
VU#873170: Collibra Agent contains improper authentication and path traversal vulnerabilities
The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controlled files to arbitrary locations on the server once extracted, resulting in code execution.
Description
Collibra Platform (CP) and Collibra Platform Self-Hosted (CPSH) form an enterprise-grade, cloud-based platform designed to help organizations locate, understand, trust, and manage their data assets. The Collibra Agent of CP and CPSH, installed on the host system, is an independent service that listens on a different port than the web interface and has the following vulnerabilities.
CVE-2026-10622
Privileged REST endpoints exposed under /rest/* do not properly enforce authentication or authorization. This allows a remote, unauthenticated attacker to interact with sensitive application functionality and gather information useful for further exploitation, including identifying suitable filesystem locations or application paths.
Additionally, the web service hosting the vulnerable REST endpoints was observed to bind to all available network interfaces regardless of the setting passed to the installer script. This behavior may increase exposure in deployments where administrators believe access is restricted to specific interfaces or trusted networks.
CVE-2026-10621
A Zip Slip vulnerability during extraction is exposed through POST /rest/restore and enables path traversal. When a ZIP archive is processed, file paths contained within the archive are not properly validated or canonicalized before extraction.
A remote attacker can supply a crafted ZIP archive containing directory traversal sequences, such as ../, to write files outside of the intended extraction directory. This may allow attackers to write custom files to arbitrary locations on the underlying host.
In an observed exploitation path, this arbitrary file write can be used to place a malicious JSP file into a web-accessible directory, enabling remote code execution when the file is subsequently requested over HTTP.
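The missing step the note names, canonicalizing each member path and checking it stays under the extraction directory, is short to implement correctly. The following is an added Python example and not Collibra's code: it validates every archive member before writing anything, compares canonical paths rather than string prefixes (so a destination of /opt/app does not accept /opt/app2), and is exercised on two constructed in-memory archives, one benign and one carrying a ../ entry.

```python
# Added example, not Collibra code: Zip Slip-safe extraction that canonicalizes
# every member path and refuses any member that would land outside dest_dir.
import io
import os
import tempfile
import zipfile


class ZipSlipError(ValueError):
    """Raised when an archive member would be written outside the destination."""


def resolve_member_path(dest_dir: str, member_name: str) -> str:
    """Canonicalize the output path for one member and reject escapes."""
    if os.path.isabs(member_name) or member_name.startswith(("/", "\\")):
        raise ZipSlipError("absolute path in archive: %r" % member_name)
    dest_root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_root, member_name))
    # commonpath, not startswith: '/opt/app2' must not pass for dest '/opt/app'.
    if os.path.commonpath([dest_root, target]) != dest_root:
        raise ZipSlipError("member escapes destination: %r" % member_name)
    return target


def is_archive_safe(zip_bytes: bytes, dest_dir: str) -> bool:
    """Pre-check every member; nothing is written here."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                resolve_member_path(dest_dir, info.filename)
        return True
    except ZipSlipError:
        return False


def safe_extract(zip_bytes: bytes, dest_dir: str) -> list:
    """Extract only after all members validate; return written paths relative to dest_dir."""
    written = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        # Validate the whole archive first so a bad member leaves no partial output.
        targets = [(info, resolve_member_path(dest_dir, info.filename)) for info in zf.infolist()]
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            rel = os.path.relpath(target, os.path.realpath(dest_dir))
            written.append(rel.replace(os.sep, "/"))
    return written


def build_archive(entries: dict) -> bytes:
    """Constructed helper: build an in-memory ZIP from {member name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def demo() -> dict:
    """Run a benign archive and a traversal archive against a throwaway directory."""
    benign = build_archive({"backup/config.txt": "constructed content"})
    traversal = build_archive({"../escaped.txt": "constructed content"})  # constructed bad member
    with tempfile.TemporaryDirectory() as dest:
        return {
            "benign_written": safe_extract(benign, dest),
            "traversal_rejected": not is_archive_safe(traversal, dest),
        }


if __name__ == "__main__":
    print(demo())
```

Validating all members before the first write matters because a restore handler that extracts as it goes has already placed files by the time it meets the offending entry; symbolic-link members, which this example does not model, need the same treatment on the link target.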
A remote, unauthenticated attacker can chain these vulnerabilities to achieve remote code execution on the affected system. An attacker who successfully exploits these issues may be able to:
- install a persistent web shell
- read, modify, or delete application data
- disrupt system availability
- potentially pivot further into the surrounding environment
Because exploitation does not require authentication, deployments reachable across the public internet may be at significant risk.
Collibra has released the following versions to address these vulnerabilities.
Collibra Platform (SaaS):
2026.05
2026.04.5
2026.03.4
2026.02.6
2025.11.7
2025.10.9
Collibra Platform Self-Hosted (on-prem):
2026.03 (Build 2026.03.356)
2025.10 (Build 2025.10.399)
Users are strongly encouraged to update to the fixed release as soon as possible. Refer to Collibra documentation and release notes for patching and deployment guidance.
Administrators should ensure that interfaces exposing REST endpoints are not exposed to untrusted networks and should restrict access to management interfaces wherever possible.
Thanks to the reporter who wishes to remain anonymous. This document was written by Michael Bragg.
VU#873170.2
Path traversal in the restore handler of Collibra Agent allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra Agent fails to properly validate and canonicalize file paths during ZIP extraction, which can allow an attacker to write files outside the intended extraction directory.
VU#873170.1
Improper authentication in the REST API of Collibra Agent allows a remote, unauthenticated attacker to access privileged functionality via exposed /rest/* endpoints.
Fake Claude Code installers, with developers in the crosshairs
Nightmare Eclipse's six Windows zero-days and the conflict with Microsoft
An investigation has been launched at Microsoft over a bug
The Belgian Cybersecurity Centre warns of an actively exploited Windows vulnerability
Dutch authorities took down a botnet of 17 million infected devices
VU#158530: PCTCore64.sys Windows kernel driver contains missing access control vulnerability
The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \\.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL (I/O Control) commands. In a Bring Your Own Vulnerable Driver (BYOVD) scenario, a local attacker with the ability to load a Windows driver can exploit the exposed interface to perform sensitive low-level operations on the target device.
Description
PCTCore64.sys is a Windows kernel driver that implements system monitoring and protection functionality on local Windows systems. The driver creates a Windows Driver Model (WDM) device object \\.\PCTCoreDriver via IoCreateDevice and provides user-mode access through a DOS device symbolic link via IoCreateSymbolicLink.
The driver exposes privileged functionality intended for administrative or security operations; however, the device object is created without a restrictive security descriptor. Specifically, the driver does not apply security best practices using either Security Descriptor Definition Language (SDDL) or the IoCreateDeviceSecure API, allowing unprivileged user-mode processes to open handles to the device and issue privileged IOCTL requests.
As a result, an attacker may invoke IOCTL handlers capable of performing sensitive low-level operations, including:
- System-wide handle enumeration
- Cross-process handle manipulation
- Credential extraction from lsass.exe
- Forced termination of arbitrary processes, including Protected Process Light (PPL)-protected processes
Although the original PC Tools Internet Security product line was discontinued in 2013 and is no longer maintained, the driver remains signed and can still be abused in BYOVD attacks. An attacker may load the vulnerable driver on a target system and leverage the exposed IOCTL interface to access privileged kernel functionality.
One vulnerable IOCTL permits the acquisition of a PROCESS_ALL_ACCESS handle to sensitive processes such as lsass.exe, enabling credential theft operations including extraction of NTLM hashes and Kerberos authentication material. Additional IOCTL handlers permit the termination of arbitrary processes regardless of PPL protections, enabling attackers to disable security software such as Microsoft Defender and other critical system services. Other exposed interfaces enable arbitrary handle operations against external processes, potentially resulting in process instability, crashes, or undefined behavior. Collectively, these vulnerabilities can be exploited to provide a practical attack path for credential theft, defense evasion, privilege escalation, and broader system compromise.
CVE-2026-8501
Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system.
Impact
A local attacker with the ability to load a Windows kernel driver may exploit the vulnerable PCTCore64.sys driver to access sensitive processes such as lsass.exe and other PPL-protected services. Successful exploitation can enable credential theft, arbitrary process termination, denial-of-service (DoS) conditions, and broader system compromise through privileged kernel-level operations.
Solution
The PC Tools Internet Security product line and its PCTCore64.sys driver are no longer actively maintained and should not be used in production environments. Organizations should remove and block the vulnerable driver where possible and implement mitigations designed to reduce exposure to BYOVD attacks, including restricting administrative privileges, enforcing Microsoft recommended driver block rules, and enabling protections such as Hypervisor-Protected Code Integrity (HVCI), Windows Defender Application Control (WDAC), and Credential Guard.
Acknowledgements
Thanks to Tzachi Hazan for researching and reporting this vulnerability. This document was written by Molly Jaconski.
VU#780781: Casdoor contains multiple authentication bypass and access management vulnerabilities
Casdoor versions 2.362.0 and earlier contain several identity and access management vulnerabilities that enable broad authentication bypass and privilege escalation. These flaws relate to Casdoor’s Security Assertion Markup Language (SAML) processing, account binding, and token exchange mechanisms. An attacker able to interact with Casdoor’s authentication interface may impersonate users, bypass multifactor authentication (MFA), forge and replay assertions, and achieve persistent unauthorized access.
Description
Casdoor is an open-source identity and access management (IAM) platform and Model Context Protocol (MCP) gateway that provides authentication, single sign-on, and multi-protocol identity services. It is designed to centralize and streamline access control, allowing organizations to manage user identities and permissions across multiple applications and environments.
CVE-2026-9090
Casdoor versions 2.362.0 and earlier contain a vulnerability that allows an attacker to bypass authentication by supplying an arbitrary signing certificate. The buildSpCertificateStore function extracts the X.509 certificate directly from the incoming SAMLResponse instead of using the trusted pre-configured Identity Provider certificate, allowing an attacker to forge assertions signed with an attacker-controlled key.
CVE-2026-9091
A logic flaw in Casdoor's social-login binding flow allows users to bypass configured MFA requirements. The binding-rule code path in controllers/auth.go calls HandleLoggedIn directly without invoking checkMfaEnable. Any user authenticating via this path is logged in without MFA enforcement.
CVE-2026-9092
Casdoor contains a vulnerability involving unverified email binding that may enable account takeover. The getExistUserByBindingRule function matches users by email address without checking the email_verified claim returned from upstream providers, and the idp.UserInfo struct does not include an EmailVerified field. Therefore, an attacker can supply an unverified email claim from an upstream provider to take over accounts that use the same email address.
CVE-2026-9093
Casdoor's SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. Casdoor never sets the AudienceURI field to specify which service provider the assertion is intended for, and does not check the audience-mismatch warning reported in WarningInfo.NotInAudience. As a result, Casdoor may improperly accept assertions that were issued for a different service provider.
CVE-2026-9094
Casdoor contains a vulnerability that enables cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does not verify that the token's user belongs to the same organization as the target application. This can result in privilege escalation across organizational boundaries.
CVE-2026-9095
Casdoor maps SAML assertions to user sessions without replay protection. The ParseSamlResponse() function in object/saml_sp.go calls sp.RetrieveAssertionInfo() and immediately maps the result to a user session. There is no assertion ID cache, OneTimeUse condition enforcement, or replay detection anywhere in the SAML SP code path. As a result, an attacker can replay a previously captured SAML assertion to obtain an authenticated session for the assertion’s subject, including administrator accounts, without needing the user’s password or MFA credentials.
CVE-2026-9096
Casdoor does not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.WarningInfo field. However, ParseSamlResponse() never reads this field, meaning that time bounds are computed by the library but silently discarded before the user session is issued.
CVE-2026-9097
Casdoor does not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and parses its claims, but never queries the Token table to verify whether the subject token has been revoked or invalidated. Because the revocation check is entirely absent, administrators are unable to terminate active sessions or revoke compromised tokens.
CVE-2026-9098
The SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnRequest previously issued by Casdoor. Additionally, if an administrator disables or deletes an identity provider (IdP) after a SAML flow has started, the handler still processes the response using the provider snapshot loaded at the start of the request. As a result, an attacker controlling a registered upstream IdP can send unsolicited SAML responses, or replay a legitimately captured response in a different session or after the original flow has ended. In both cases, Casdoor accepts the response and issues a session, enabling persistent unauthorized access.
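The SAML-side findings above (CVE-2026-9090, -9093, -9095, -9096 and -9098) are each one missing check in the service provider's acceptance path, and together they make up the validation routine a SAML SP must run before mapping an assertion to a session. The following is an added Python example and not Casdoor code (Casdoor itself is written in Go): certificates, entity IDs and assertions are constructed placeholders, and XML signature verification is assumed to be performed by the SAML library before the parsed assertion reaches this routine. It models the trust anchor (only the configured IdP certificate is accepted), request correlation (InResponseTo against issued AuthnRequests), time bounds, audience, and an assertion-ID replay cache, and runs one scenario per finding.

```python
# Added example, not Casdoor code: the acceptance checks a SAML service provider
# runs before mapping an assertion to a session, with constructed inputs.
import hashlib

# Constructed stand-ins for certificates (not real X.509 material).
TRUSTED_IDP_CERT = b"constructed-trusted-idp-certificate"
ATTACKER_CERT = b"constructed-attacker-certificate"
SP_ENTITY_ID = "https://sp.example.test/metadata"  # constructed entity ID


def fingerprint(cert_bytes: bytes) -> str:
    return hashlib.sha256(cert_bytes).hexdigest()


class SamlRejected(Exception):
    pass


class SamlSpValidator:
    def __init__(self, trusted_idp_cert: bytes, sp_entity_id: str, clock_skew: int = 60):
        self.trusted_fp = fingerprint(trusted_idp_cert)
        self.sp_entity_id = sp_entity_id
        self.skew = clock_skew
        self.pending_requests = set()  # AuthnRequest IDs issued and not yet consumed
        self.seen_assertions = {}      # assertion ID -> NotOnOrAfter, for replay detection

    def issue_authn_request(self, request_id: str) -> None:
        self.pending_requests.add(request_id)

    def validate(self, response: dict, now: int) -> str:
        # 1. Trust anchor: only the configured IdP certificate may sign (cf. CVE-2026-9090).
        if fingerprint(response["signing_cert"]) != self.trusted_fp:
            raise SamlRejected("untrusted-cert")
        # 2. Correlation: the response must answer a request we issued (cf. CVE-2026-9098).
        if response.get("in_response_to") not in self.pending_requests:
            raise SamlRejected("unsolicited")
        a = response["assertion"]
        # 3. Time bounds, with bounded clock skew (cf. CVE-2026-9096).
        if now < a["not_before"] - self.skew or now >= a["not_on_or_after"] + self.skew:
            raise SamlRejected("time-bounds")
        # 4. Audience: the assertion must be addressed to this SP (cf. CVE-2026-9093).
        if self.sp_entity_id not in a["audiences"]:
            raise SamlRejected("audience")
        # 5. Replay: each assertion ID is accepted once within its validity (cf. CVE-2026-9095).
        self.seen_assertions = {k: v for k, v in self.seen_assertions.items() if v + self.skew > now}
        if a["id"] in self.seen_assertions:
            raise SamlRejected("replay")
        self.seen_assertions[a["id"]] = a["not_on_or_after"]
        self.pending_requests.discard(response["in_response_to"])
        return a["subject"]

    def try_validate(self, response: dict, now: int) -> tuple:
        try:
            return ("accepted", self.validate(response, now))
        except SamlRejected as e:
            return ("rejected", str(e))


def make_response(cert, in_response_to, assertion_id, not_before, not_on_or_after, audiences, subject):
    """Constructed helper: the parsed shape of a SAMLResponse after signature checking."""
    return {"signing_cert": cert, "in_response_to": in_response_to,
            "assertion": {"id": assertion_id, "not_before": not_before,
                          "not_on_or_after": not_on_or_after, "audiences": audiences,
                          "subject": subject}}


def run_scenarios() -> dict:
    now = 1_800_000_000  # constructed "current time", seconds
    v = SamlSpValidator(TRUSTED_IDP_CERT, SP_ENTITY_ID)
    for rid in ("req-1", "req-2", "req-3", "req-4"):
        v.issue_authn_request(rid)
    r = {}
    r["valid"] = v.try_validate(make_response(TRUSTED_IDP_CERT, "req-1", "a-1", now - 30, now + 300, [SP_ENTITY_ID], "alice"), now)
    r["forged"] = v.try_validate(make_response(ATTACKER_CERT, "req-2", "a-2", now - 30, now + 300, [SP_ENTITY_ID], "admin"), now)
    r["replay"] = v.try_validate(make_response(TRUSTED_IDP_CERT, "req-2", "a-1", now - 30, now + 300, [SP_ENTITY_ID], "alice"), now + 5)
    r["expired"] = v.try_validate(make_response(TRUSTED_IDP_CERT, "req-3", "a-3", now - 900, now - 600, [SP_ENTITY_ID], "alice"), now)
    r["wrong_audience"] = v.try_validate(make_response(TRUSTED_IDP_CERT, "req-4", "a-4", now - 30, now + 300, ["https://other-sp.example.test"], "alice"), now)
    r["unsolicited"] = v.try_validate(make_response(TRUSTED_IDP_CERT, "req-99", "a-5", now - 30, now + 300, [SP_ENTITY_ID], "alice"), now)
    return r


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(name, outcome)
```

The replay cache only needs to hold IDs until their NotOnOrAfter passes, which is why the time-bound check comes first; a deployment with several SP instances must share that cache, or the replay check holds per instance only.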
Exploitation of these vulnerabilities can allow attackers to impersonate users, bypass authentication controls, and escalate privileges across Casdoor deployments.
CVE-2026-9090, CVE-2026-9093, CVE-2026-9095, CVE-2026-9096, CVE-2026-9098:
Multiple flaws in SAML processing allow assertion forgery or replay, misuse of assertions across sessions, and the processing of expired or unsolicited SAML responses. Because certificate trust is not enforced, time bounds and audience restrictions are ignored, and responses are not correlated to prior AuthnRequests, attackers can submit malicious or previously-captured assertions to obtain authenticated sessions for arbitrary users, including administrators.
CVE-2026-9091, CVE-2026-9092:
Weaknesses in MFA protection and binding logic further contribute to the risk of account compromise, enabling attackers to bypass MFA and potentially take over other accounts via unverified email claims. An attacker can exploit these flaws to gain persistent unauthorized access by bypassing configured authentication requirements or security controls.
CVE-2026-9094, CVE-2026-9097:
The discovered token-exchange flaws enable cross‑organization privilege escalation and prevent administrators from reliably revoking tokens. Because user‑organization membership is not validated and token revocation status is not checked, compromised or malicious tokens may be exchanged for elevated privileges in other organizations, and administrators cannot reliably terminate active sessions.
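Both token-exchange findings (CVE-2026-9094 and CVE-2026-9097) come down to the exchange handler trusting a valid signature alone. The following is an added Python example and not Casdoor's GetTokenExchangeToken: the user directory, application list and token store are constructed placeholders, and JWT signature verification is assumed to have been done before the claims reach this function. It shows the two checks the note says are absent, a revocation lookup on the subject token's ID and an organization match between the token's user and the target application, and an administrator revoke that actually takes effect.

```python
# Added example, not Casdoor code: token exchange that checks revocation state
# and the organization boundary before minting a token for the target application.


class TokenExchangeError(Exception):
    pass


# Constructed directory, application registry and token store.
USERS = {
    "alice": {"org": "org-a"},
    "mallory": {"org": "org-b"},
}
APPLICATIONS = {
    "app-a": {"org": "org-a"},
}
# jti -> record; 'revoked' is the flag an administrator's revoke action flips.
TOKEN_STORE = {
    "t-1": {"sub": "alice", "revoked": False},
    "t-2": {"sub": "alice", "revoked": True},
    "t-3": {"sub": "mallory", "revoked": False},
}


def revoke_token(jti: str, store=TOKEN_STORE) -> bool:
    """Administrator action: mark a subject token as revoked. Returns True if it existed."""
    record = store.get(jti)
    if record is None:
        return False
    record["revoked"] = True
    return True


def exchange_token(claims: dict, target_app: str, users=USERS, apps=APPLICATIONS, store=TOKEN_STORE) -> dict:
    """Given signature-verified subject-token claims, mint a token for target_app
    only if the subject token is still active and the user belongs to the app's org."""
    record = store.get(claims.get("jti"))
    # Revocation: a valid signature is not enough; the token must still be live
    # and belong to the subject it names.
    if record is None or record["revoked"] or record["sub"] != claims.get("sub"):
        raise TokenExchangeError("subject token unknown, revoked or mismatched")
    app = apps.get(target_app)
    if app is None:
        raise TokenExchangeError("unknown application")
    # Organization boundary: the user's org must match the target application's org.
    user = users.get(claims["sub"])
    if user is None or user["org"] != app["org"]:
        raise TokenExchangeError("cross-organization exchange refused")
    return {"sub": claims["sub"], "aud": target_app, "org": app["org"]}


def try_exchange(claims: dict, target_app: str) -> str:
    try:
        t = exchange_token(claims, target_app)
        return "issued:" + t["sub"] + "@" + t["aud"]
    except TokenExchangeError as e:
        return "refused:" + str(e)


if __name__ == "__main__":
    print(try_exchange({"jti": "t-1", "sub": "alice"}, "app-a"))
    print(try_exchange({"jti": "t-2", "sub": "alice"}, "app-a"))
    print(try_exchange({"jti": "t-3", "sub": "mallory"}, "app-a"))
```

The store lookup is what gives administrators a working kill switch: without it, a token stays exchangeable until its own expiry no matter what the admin UI shows.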
Unfortunately, we were unable to reach the Casdoor team to coordinate this vulnerability, and a patch is not yet available. Users are advised to implement stricter identity governance controls and utilize external validation tools to better enforce application boundaries. Restrict identity provider (IdP) usage only to trusted providers, reinforce high-privilege accounts with additional authentication paths such as downstream MFA, and monitor logs for any unusual SAML or token activity to reduce the exploitability of these issues.
Acknowledgements
We extend our thanks to Zixu (Jason) Zhou (University of Toronto, PhD student), David Lie (University of Toronto, Professor), Ilya Grishchenko (University of Toronto, Postdoc), and Xiangyu Guo (University of Toronto, PhD student) for researching and reporting these vulnerabilities. This document was written by Molly Jaconski.
