Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models Read more about Update your Brother printer: Multiple Critical Vulnerabilities found[…]

Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems. Tracked as CVE-2025-20281 and CVE-2025-20282, Cisco assigned them both maximum 10/10 severity ratings, although the former was reduced to 9.8 by the National Vulnerability Database. Both bugs affect Cisco Identity Services Engine (ISE) Read more about Cisco fixes two critical make-me-root bugs[…]

The UK’s data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach. Among the various security failings demonstrated by the genetics company were: Unsatisfactory authentication measures, including lack of mandatory MFA and unsecure password requirements No measures taken to prevent accessing and downloading raw genetic data No Read more about UK data watchdog fines 23andMe £2.3M over incompetently handled 2023 DNA megabreach[…]

Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and Read more about Oops: DanaBot Malware Devs Infected Their Own PCs[…]

Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed. Discovered by Codean Labs’ Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications. Tracked as CVE-2025-47934 (8.7 Read more about Upgrade now: OpenPGP.js bug enables encrypted message spoofing[…]

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X. Up until now, its Cybersecurity Alerts and Advisories website has Read more about CISA changes vulnerabilities updates, shifts to defunct website X(twitter) as do NTSB, SSA[…]

Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft’s mitigation for CVE-2025-21204, an Read more about Microsoft mystery folder fix needs a fix of its own with simple POC[…]

Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created Read more about Don’t delete your new inetpub folder. It’s a Windows security fix[…]

Remember Recall? It’s been close to full trip around the sun since Microsoft announced then suddenly pulled its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine Read more about Windows’ Recall Spyware Is Back—Here’s How to Control It[…]

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft to pull that off. The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior Read more about Don’t open that file in WhatsApp for Windows just yet – there is no check if it’s not just a renamed .exe[…]

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained. In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch Read more about Boeing 787 radio software patch didn’t work, says Qatar, it still turns itself off and changes frequencies by itself.[…]

Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists. Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, Read more about Over a million private photos from MAD Mobile dating apps exposed online[…]

The cybersecurity outlet The Record originally reported that under Trump’s new Defense Secretary Pete Hegseth, U.S. Cyber Command has been ordered to “stand down from all planning against Russia, including offensive digital actions.” The outlet cites three anonymous sources who are familiar with the matter. The order reportedly does not apply to the National Security Read more about Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations[…]

Machine learning has become more and more powerful, to the point where a bad actor can take a photo and a voice recording of someone you know, and forge a complete video recording. See the “OmniHuman-1” model developed by ByteDance: discussion on X ByteDance’s paper   Bad actors can now digitally impersonate someone you love, Read more about PeerAuth – easy way to authenticate a real person[…]

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law Read more about Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead[…]