Beijing will soon expect Chinese network operators to ‘fess up to serious cyber incidents within an hour of spotting them – or risk penalties for dragging their feet. From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of rules that tighten how Read more about China: 1-hour deadline on serious cyber incident reporting[…]
Samsung has fixed a critical flaw that affects its Android devices – but not before attackers found and exploited the bug, which could allow remote code execution on affected devices. The vulnerability, tracked as CVE-2025-21043, affects Android OS versions 13, 14, 15, and 16. It’s due to an out-of-bounds write vulnerability in libimagecodec.quram.so, a parsing Read more about Samsung patches Android WhatsApp vuln exploited in the wild on Apple devices[…]
A critical code-injection bug in SAP S/4HANA that allows low-privileged attackers to take over your SAP system is being actively exploited, according to security researchers. SAP issued a patch for the 9.9-rated flaw in August. It is tracked as CVE-2025-42957, and it affects both private cloud and on-premises versions. According to SecurityBridge Threat Research Labs, Read more about Critical, make-me-super-user SAP S/4HANA bug being exploited[…]
A new peer-reviewed study alleges that 18 of the 100 most-downloaded virtual private network (VPN) apps on the Google Play Store are secretly connected in three large families, despite claiming to be independent providers. The paper doesn’t indict any of our picks for the best VPN, but the services it investigates are popular, with 700 Read more about 18 popular VPNs turn out to belong to 3 different owners – and contain insecurities as well[…]
U.S. Director of National Intelligence Tulsi Gabbard said on Monday the UK had agreed to drop its mandate for iPhone maker Apple to provide a “backdoor” that would have enabled access to the protected encrypted data of American citizens. Gabbard issued the statement on X saying she had worked for months with Britain, along with Read more about US spy chief Gabbard says UK agreed to drop ‘backdoor’ mandate for Apple[…]
In a scientific study involving thousands of test subjects, eight months and four different kinds of phishing training, the average improvement rate of falling for phishing scams was a whopping 1.7%. “Is all of this focus on training worth the outcome?” asked researcher Ariana Mirian, a senior security researcher at Censys and recently a Ph.D. Read more about Phishing training is pretty pointless, researchers find[…]
Google has issued a security update for its Chrome browser which you should apply right now. That’s because Google has fixed six issues in its widely-used browser, half of which are rated as having a high severity. The Chrome Stable channel has been updated to 139.0.7258.127/.128 for Windows, Mac and 139.0.7258.127 for Linux, Google said Read more about Google Issues New Update Warning To 3.5 Billion Chrome Users[…]
Microsoft Recall, the AI app that takes screenshots of what you do on your PC so you can search for it later, has a filter that’s supposed to prevent it from screenshotting sensitive info like credit card numbers. But a The Register test shows that it still fails in many cases, creating a potential treasure Read more about Microsoft Recall can still nab credit cards, passwords, info and share them remotely[…]
[…] Airportr, a UK-based luggage service that partners with airlines to let its largely UK- and Europe-based users pay to have their bags picked up, checked, and delivered to their destination. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including Read more about A Premium Luggage Service’s Web Bugs Exposed the Travel Plans of Every User—Including Diplomats[…]
[…]The practice allows malicious scripts and early-stage malware to fetch binary files without having to download them from suspicious sites or attach them to emails, where they frequently get quarantined by antivirus software. That’s because traffic for DNS lookups often goes largely unmonitored by many security tools. […] Researchers from DomainTools on Tuesday said they Read more about Hackers exploit a blind spot by hiding malware inside DNS records[…]
Microsoft has warned users of SharePoint Server that three on-prem versions of the product include a zero-day flaw that is under attack – and that its own failure to completely fix past problems is the cause. In a July 19 security note, the software giant admitted it is “… aware of active attacks targeting on-premises Read more about Microsoft warns on-prem SharePoint users of a zero-day, won’t patch it though[…]
A recruitment platform used by McDonald’s is alleged to have had such poor cybersecurity that researchers were able to log into it using a non-password and thus gain access to information on tens of millions of job applicants, including contact details and chat logs between the user and the restaurant’s AI bot. The platform in Read more about Bug Hunters Gain Access to 64 Million McDonald’s Job Applicants’ Info by Using the Password ‘123456’[…]
Cisco has issued a patch for a critical 10 out of 10 severity bug in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could allow an unauthenticated, remote attacker to run arbitrary code on the operating system with root-level privileges. ISE is a network access control and security policy management platform, Read more about Watch out, another max-severity Cisco bug on the loose[…]
Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models Read more about Update your Brother printer: Multiple Critical Vulnerabilities found[…]
[…] Google has been working on ways to warn Android users or prevent them from sending communications over insecure cellular networks. Win $5,000! See all deals Reserve the next Galaxy for $50 Samsung Credit and a chance to win $5,000!Sign up to save Limited Time! With the release of Android 12, for example, Google added Read more about Android 16 can warn you that you might be connected to a fake cell tower[…]
A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers. Czech developer and pen-tester Miloslav Homer has an interesting take on reducing an organization’s exposure to security risks. In an article headlined “Microsoft Read more about Security pro counts the cost of Microsoft dependency[…]
Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems. Tracked as CVE-2025-20281 and CVE-2025-20282, Cisco assigned them both maximum 10/10 severity ratings, although the former was reduced to 9.8 by the National Vulnerability Database. Both bugs affect Cisco Identity Services Engine (ISE) Read more about Cisco fixes two critical make-me-root bugs[…]
The UK’s data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach. Among the various security failings demonstrated by the genetics company were: Unsatisfactory authentication measures, including lack of mandatory MFA and unsecure password requirements No measures taken to prevent accessing and downloading raw genetic data No Read more about UK data watchdog fines 23andMe £2.3M over incompetently handled 2023 DNA megabreach[…]
Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. The disclosure highlights the rising level of concern about Chinese influence in Russia as the two Read more about How Russian Spies Are Analyzing Data From China’s WeChat App[…]
A few months ago, I disabled javascript on my browser while testing if there were any Google services left that still worked without JS in the modern web. Interestingly enough, the username recovery form still worked! This surprised me, as I used to think these account recovery forms required javascript since 2018 as they Read more about Bruteforcing the phone number of any Google user[…]
Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and Read more about Oops: DanaBot Malware Devs Infected Their Own PCs[…]
Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed. Discovered by Codean Labs’ Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications. Tracked as CVE-2025-47934 (8.7 Read more about Upgrade now: OpenPGP.js bug enables encrypted message spoofing[…]
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X. Up until now, its Cybersecurity Alerts and Advisories website has Read more about CISA changes vulnerabilities updates, shifts to defunct website X(twitter) as do NTSB, SSA[…]
A security lapse at dating app Raw publicly exposed the personal data and private location data of its users, TechCrunch has found. The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were Read more about Dating app Raw exposed users’ location data and personal information[…]
Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft’s mitigation for CVE-2025-21204, an Read more about Microsoft mystery folder fix needs a fix of its own with simple POC[…]