The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X. Up until now, its Cybersecurity Alerts and Advisories website has Read more about CISA changes vulnerabilities updates, shifts to defunct website X(twitter) as do NTSB, SSA[…]

Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft’s mitigation for CVE-2025-21204, an Read more about Microsoft mystery folder fix needs a fix of its own with simple POC[…]

Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created Read more about Don’t delete your new inetpub folder. It’s a Windows security fix[…]

Remember Recall? It’s been close to full trip around the sun since Microsoft announced then suddenly pulled its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine Read more about Windows’ Recall Spyware Is Back—Here’s How to Control It[…]

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft to pull that off. The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior Read more about Don’t open that file in WhatsApp for Windows just yet – there is no check if it’s not just a renamed .exe[…]

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained. In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch Read more about Boeing 787 radio software patch didn’t work, says Qatar, it still turns itself off and changes frequencies by itself.[…]

Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists. Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, Read more about Over a million private photos from MAD Mobile dating apps exposed online[…]

The cybersecurity outlet The Record originally reported that under Trump’s new Defense Secretary Pete Hegseth, U.S. Cyber Command has been ordered to “stand down from all planning against Russia, including offensive digital actions.” The outlet cites three anonymous sources who are familiar with the matter. The order reportedly does not apply to the National Security Read more about Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations[…]

Machine learning has become more and more powerful, to the point where a bad actor can take a photo and a voice recording of someone you know, and forge a complete video recording. See the “OmniHuman-1” model developed by ByteDance: discussion on X ByteDance’s paper   Bad actors can now digitally impersonate someone you love, Read more about PeerAuth – easy way to authenticate a real person[…]

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law Read more about Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead[…]

Chinese tech company employees and government workers are siphoning off user data and selling it online – and even high-ranking Chinese Communist Party officials and FBI-wanted hackers’ sensitive information is being peddled by the Middle Kingdom’s thriving illegal data ecosystem. “While Western cybercrime research focuses heavily on criminals in the English- and Russian-speaking worlds, there Read more about Chinese scammers, criminals and businesses are exploiting its surveillance state[…]

America’s top cybersecurity and law enforcement officials made a coordinated push Tuesday to raise awareness about cyber threats from foreign actors in the wake of an intrusion of U.S. telecom equipment dubbed Salt Typhoon. The hackers are linked to the Chinese government and they still have a presence in U.S. systems, spying on American communications, Read more about In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors[…]

More than 600,000 sensitive files containing thousands of people’s criminal histories, background checks, vehicle and property records were exposed to the internet in a non-password protected database belonging to data brokerage SL Data Services, according to a security researcher. We don’t know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says Read more about Data broker SL leaves 600K+ sensitive files exposed online, doesn’t fix it despite warnings[…]

Cybersecurity Researcher, Jeremiah Fowler, discovered and reported to vpnMentor about a non-password-protected database that contained more than 1.1 million records belonging to Conduitor Limited (trading as Forces Penpals) — a service that offers dating services, and social networking for military members and their supporters. The publicly exposed database was not password-protected or encrypted. It contained Read more about US and UK Armed Forces Dating & Social Networking Service Exposed Over 1 Million Records Online through coding error[…]

There are two major reasons that the U.S. doesn’t pass an internet-era privacy law or regulate data brokers despite a parade of dangerous scandals. One, lobbied by a vast web of interconnected industries with unlimited budgets, Congress is too corrupt to do its job. Two, the U.S. government is disincentivized to do anything because it exploits this Read more about Oh Look, It Was Trivial To Buy Troop And Intelligence Officer Location Data From Dodgy, Unregulated Data Brokers[…]

S Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week’s Pwn2Own hacking competition within days. Midnight Blue security researcher Rick de Jager found the critical zero-click vulnerabilities (tracked together as CVE-2024-10443 and dubbed RISK:STATION) in the company’s Synology Photos and BeePhotos for BeeStation software. As Synology explains in security Read more about Synology and QNAP hurry out patches for zero-days exploited at Pwn2Own[…]