Update your Brother printer: Multiple Critical Vulnerabilities found

Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd. This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models […]

Android 16 can warn you that you might be connected to a fake cell tower

[…] Google has been working on ways to warn Android users or prevent them from sending communications over insecure cellular networks. With the release of Android 12, for example, Google added […]

Security pro counts the cost of Microsoft dependency

A sharply argued blog post warns that heavy reliance on Microsoft poses serious strategic risks for organizations – a viewpoint unlikely to win favor with Redmond or its millions of corporate customers. Czech developer and pen-tester Miloslav Homer has an interesting take on reducing an organization’s exposure to security risks. In an article headlined “Microsoft […]

Cisco fixes two critical make-me-root bugs

Cisco has dropped patches for a pair of critical vulnerabilities that could allow unauthenticated remote attackers to execute code on vulnerable systems. Tracked as CVE-2025-20281 and CVE-2025-20282, Cisco assigned them both maximum 10/10 severity ratings, although the former was reduced to 9.8 by the National Vulnerability Database. Both bugs affect Cisco Identity Services Engine (ISE) […]

UK data watchdog fines 23andMe £2.3M over incompetently handled 2023 DNA megabreach

The UK’s data watchdog is fining beleaguered DNA testing outfit 23andMe £2.31 million ($3.13 million) over its 2023 mega breach. Among the various security failings demonstrated by the genetics company were: unsatisfactory authentication measures, including lack of mandatory MFA and insecure password requirements; no measures taken to prevent accessing and downloading raw genetic data; no […]

How Russian Spies Are Analyzing Data From China’s WeChat App

Russian counterintelligence agents are analyzing data from the popular Chinese messaging and social media app WeChat to monitor people who might be in contact with Chinese spies, according to a Russian intelligence document obtained by The New York Times. The disclosure highlights the rising level of concern about Chinese influence in Russia as the two […]

Bruteforcing the phone number of any Google user

A few months ago, I disabled JavaScript on my browser while testing if there were any Google services left that still worked without JS in the modern web. Interestingly enough, the username recovery form still worked! This surprised me, as I used to think these account recovery forms had required JavaScript since 2018, as they […]

Oops: DanaBot Malware Devs Infected Their Own PCs

Initially spotted in May 2018 by researchers at the email security firm Proofpoint, DanaBot is a malware-as-a-service platform that specializes in credential theft and banking fraud. Today, the U.S. Department of Justice unsealed a criminal complaint and indictment from 2022, which said the FBI identified at least 40 affiliates who were paying between $3,000 and […]

Upgrade now: OpenPGP.js bug enables encrypted message spoofing

Security researchers are sounding the alarm over a fresh flaw in the JavaScript implementation of OpenPGP (OpenPGP.js) that allows both signed and encrypted messages to be spoofed. Discovered by Codean Labs’ Edoardo Geraci and Thomas Rinsma, the vulnerability essentially undermines the core purpose of using public key cryptography to secure communications. Tracked as CVE-2025-47934 (8.7 […]

CISA changes vulnerabilities updates, shifts to defunct website X (Twitter) as do NTSB, SSA

The US government’s Cybersecurity and Infrastructure Security Agency (CISA) announced Monday that going forward, only urgent alerts tied to emerging threats or major cyber activity will appear on its website. Routine updates, guidance, and other notifications will instead be shared via email, RSS, and X. Up until now, its Cybersecurity Alerts and Advisories website has […]

Dating app Raw exposed users’ location data and personal information

A security lapse at dating app Raw publicly exposed the personal data and private location data of its users, TechCrunch has found. The exposed data included users’ display names, dates of birth, dating and sexual preferences associated with the Raw app, as well as users’ locations. Some of the location data included coordinates that were […]

Microsoft mystery folder fix needs a fix of its own with simple POC

Turns out Microsoft’s latest patch job might need a patch of its own, again. This time, the culprit is a mysterious inetpub folder quietly deployed by Redmond, now hijacked by a security researcher to break Windows updates. The folder, typically c:\inetpub, reappeared on Windows systems in April as part of Microsoft’s mitigation for CVE-2025-21204, an […]

Don’t delete your new inetpub folder. It’s a Windows security fix

Canny Windows users who’ve spotted a mysterious folder on hard drives after applying last week’s security patches for the operating system can rest assured – it’s perfectly benign. In fact, it’s recommended you leave the directory there. The folder, typically C:\inetpub, is empty and related to Microsoft’s Internet Information Services (IIS). It will be created […]

Windows’ Recall Spyware Is Back—Here’s How to Control It

Remember Recall? It’s been close to a full trip around the sun since Microsoft announced, then suddenly pulled, its AI-powered, auto-screenshotting “photographic memory” software for Copilot+ PCs. Whether you want it or not, the feature is coming back, and you should be prepared for it not just if you’re planning to use it, but if you imagine […]

Don’t open that file in WhatsApp for Windows just yet – there is no check if it’s not just a renamed .exe

A bug in WhatsApp for Windows can be exploited to execute malicious code by anyone crafty enough to persuade a user to open a rigged attachment – and, to be fair, it doesn’t take much craft to pull that off. The spoofing flaw, tracked as CVE-2025-30401, affects all versions of WhatsApp Desktop for Windows prior […]

Boeing 787 radio software patch didn’t work, says Qatar, it still turns itself off and changes frequencies by itself.

Boeing issued a software safety patch for the VHF radio systems used on its 787 aircraft, and the update turned out to be ineffective, Qatar Airways has complained. In February, the US Department of Transportation issued an advisory [PDF] about a problem with the aircraft’s electronics that was causing VHF radio traffic to unexpectedly switch […]

Over a million private photos from MAD Mobile dating apps exposed online

Researchers have discovered nearly 1.5 million pictures from specialist dating apps – many of which are explicit – being stored online without password protection, leaving them vulnerable to hackers and extortionists. Anyone with the link was able to view the private photos from five platforms developed by M.A.D Mobile: kink sites BDSM People and Chica, […]

Trump’s Defense Secretary Hegseth Orders Cyber Command to ‘Stand Down’ on All Russia Operations

The cybersecurity outlet The Record originally reported that under Trump’s new Defense Secretary Pete Hegseth, U.S. Cyber Command has been ordered to “stand down from all planning against Russia, including offensive digital actions.” The outlet cites three anonymous sources who are familiar with the matter. The order reportedly does not apply to the National Security […]

PeerAuth – easy way to authenticate a real person

Machine learning has become more and more powerful, to the point where a bad actor can take a photo and a voice recording of someone you know, and forge a complete video recording. See the “OmniHuman-1” model developed by ByteDance (discussion on X; ByteDance’s paper). Bad actors can now digitally impersonate someone you love, […]

After Snowden and now Trump, Europe finally begins to worry about US-controlled clouds

In a recent blog post titled “It is no longer safe to move our governments and societies to US clouds,” Bert Hubert, an entrepreneur, software developer, and part-time technical advisor to the Dutch Electoral Council, articulated such concerns. “We now have the bizarre situation that anyone with any sense can see that America is no […]

Google pulls plug on Ad blockers such as uBlock Origin by killing Manifest v2

Google’s purge of Manifest v2-based extensions from its Chrome browser is underway, as many users over the past few days may have noticed. Popular content-blocking add-on (v2-based) uBlock Origin is now automatically disabled for many in the ubiquitous browser as it continues the V3 rollout. […] According to the company, Google’s decision to shift to […]

Generative AI’s Impact on Cybersecurity – Q&A With an Expert

In the ever-evolving landscape of cybersecurity, the integration of generative AI has become a pivotal point of discussion. To delve deeper into this groundbreaking technology and its impact on cybersecurity, we turn to renowned cybersecurity expert Jeremiah Fowler. In this exclusive Q&A session with vpnMentor, Fowler sheds light on the critical role that generative AI […]

Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law […]

ChatGPT crawler flaw opens door to DDoS, prompt injection

In a write-up shared this month via Microsoft’s GitHub, Benjamin Flesch, a security researcher in Germany, explains how a single HTTP request to the ChatGPT API can be used to flood a targeted website with network requests from the ChatGPT crawler, specifically ChatGPT-User. This flood of connections may or may not be enough to knock […]

Bad Likert Judge: A Novel Multi-Turn Technique to Jailbreak LLMs by Misusing Their Evaluation Capability

Text-generation large language models (LLMs) have safety measures designed to prevent them from responding to requests with harmful and malicious responses. Research into methods that can bypass these guardrails, such as Bad Likert Judge, can help defenders prepare for potential attacks. The technique asks the target LLM to act as a judge scoring the harmfulness […]