Phishing training is pretty pointless, researchers find

In a scientific study involving thousands of test subjects, eight months and four different kinds of phishing training, the average improvement in the rate of falling for phishing scams was a whopping 1.7%. “Is all of this focus on training worth the outcome?” asked researcher Ariana Mirian, a senior security researcher at Censys and recently a Ph.D. […]

Google Issues New Update Warning To 3.5 Billion Chrome Users

Google has issued a security update for its Chrome browser which you should apply right now. That’s because Google has fixed six issues in its widely-used browser, half of which are rated as having a high severity. The Chrome Stable channel has been updated to 139.0.7258.127/.128 for Windows, Mac and 139.0.7258.127 for Linux, Google said […]

Microsoft Recall can still nab credit cards, passwords, info and share them remotely

Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that’s supposed to prevent it from screenshotting sensitive info like credit card numbers. But a test by The Register shows that it still fails in many cases, creating a potential treasure […]

A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats

[…] Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including […]

Hackers exploit a blind spot by hiding malware inside DNS records

[…] The practice allows malicious scripts and early-stage malware to fetch binary files without having to download them from suspicious sites or attach them to emails, where they frequently get quarantined by antivirus software. That’s because traffic for DNS lookups often goes largely unmonitored by many security tools. […] Researchers from DomainTools on Tuesday said they […]

Microsoft warns on-prem SharePoint users of a zero-day, won’t patch it though

Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause. In a July 19 security note, the software giant admitted it is “… aware of active attacks targeting on-premises […]

Bug Hunters Gain Access to 64 Million McDonald’s Job Applicants’ Info by Using the Password ‘123456’

A recruitment platform used by McDonald’s is alleged to have had such poor cybersecurity that researchers were able to log into it using a non-password and thus gain access to information on tens of millions of job applicants, including contact details and chat logs between the user and the restaurant’s AI bot. The platform in […]

Watch out, another max-severity Cisco bug on the loose

Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. ISE is a network access control and security policy management platform, […]

Update your Brother printer: Multiple Critical Vulnerabilities found

Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models […]

Android 16 can warn you that you might be connected to a fake cell tower

[…] Google has been working on ways to warn Android users or prevent them from sending communications over insecure cellular networks. With the release of Android 12, for example, Google added […]

Security pro counts the cost of Microsoft dependency

A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers. Czech developer and pen-tester Miloslav Homer has an interesting take on reducing an organization’s exposure to security risks. In an article headlined “Microsoft […]

Cisco fixes two critical make-me-root bugs

Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems. Tracked as CVE-2025-20281 and CVE-2025-20282, Cisco assigned them both maximum 10/10 severity ratings, although the former was reduced to 9.8 by the National Vulnerability Database. Both bugs affect Cisco Identity Services Engine (ISE) […]

UK data watchdog fines 23andMe £2.3M over incompetently handled 2023 DNA megabreach

The UK’s data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach. Among the various security failings demonstrated by the genetics company were:
- Unsatisfactory authentication measures, including lack of mandatory MFA and unsecure password requirements
- No measures taken to prevent accessing and downloading raw genetic data
- No […]

How Russian Spies Are Analyzing Data From China’s WeChat App

Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. The disclosure highlights the rising level of concern about Chinese influence in Russia as the two […]

Bruteforcing the phone number of any Google user

A few months ago, I disabled JavaScript on my browser while testing if there were any Google services left that still worked without JS in the modern web. Interestingly enough, the username recovery form still worked! This surprised me, as I used to think these account recovery forms required JavaScript since 2018 as they […]

Oops: DanaBot Malware Devs Infected Their Own PCs

Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and […]

Upgrade now: OpenPGP.js bug enables encrypted message spoofing

Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed. Discovered by Codean Labs’ Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications. Tracked as CVE-2025-47934 (8.7 […]

CISA changes vulnerabilities updates, shifts to defunct website X(twitter) as do NTSB, SSA

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X. Up until now, its Cybersecurity Alerts and Advisories website has […]

Dating app Raw exposed users’ location data and personal information

A security lapse at dating app Raw publicly exposed the personal data and private location data of its users, TechCrunch has found. The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were […]

Microsoft mystery folder fix needs a fix of its own with simple POC

Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft’s mitigation for CVE-2025-21204, an […]

Don’t delete your new inetpub folder. It’s a Windows security fix

Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created […]

Windows’ Recall Spyware Is Back—Here’s How to Control It

Remember Recall? It’s been close to a full trip around the sun since Microsoft announced, then suddenly pulled, its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine […]

Don’t open that file in WhatsApp for Windows just yet – there is no check if it’s not just a renamed .exe

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft to pull that off. The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior […]

Boeing 787 radio software patch didn’t work, says Qatar, it still turns itself off and changes frequencies by itself.

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained. In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch […]

Over a million private photos from MAD Mobile dating apps exposed online

Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists. Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, […]