Security researchers at Rapid7 have discovered eight vulnerabilities in Brother printers that affect a total of 689 different printer models. Printers from Fujifilm Business, Ricoh, Toshiba, and Konica are also affected. It […]
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 16, 2025 to June 22, 2025)
📢 Calling all Vulnerability Researchers and Bug Bounty Hunters! 📢 🌞 Spring into Summer with Wordfence! Now through August 4, 2025, earn 2X bounty rewards for all in-scope submissions from our ‘High Threat’ list in software with fewer than 5…
Why a Classic MCP Server Vulnerability Can Undermine Your Entire AI Agent
A single SQL injection bug in Anthropic’s SQLite MCP server—forked over 5,000 times—can seed stored prompts, exfiltrate data, and hand attackers the keys to entire agent workflows. This entry unpacks the attack chain and lays out concrete fixes to shut…
Meta Wins AI Copyright Lawsuit Against Authors
Second legal victory for AI industry, after Meta Platforms becomes the latest to win copyright infringement lawsuit. This article has been indexed from Silicon UK.
Beyond the Checklist: A Security Architect’s Guide to Comprehensive Assessments
A security architect’s role extends far beyond designing secure systems. It demands a continuous, vigilant approach to assessing the effectiveness of implemented controls against evolving threats. With the proliferation of cloud-native architectures, microservices, and distributed environments, a mere checklist approach…
Jailbroken AIs are helping cybercriminals to hone their craft
Cybercriminals are using jailbroken AI models to assist them in designing campaigns and improving their tactics. This article has been indexed from Malwarebytes.
WhatsApp to Introduce AI-Powered Message Summaries for Faster Catch-Up
WhatsApp has announced the upcoming launch of “Message Summaries”—an AI-powered feature designed to help users quickly catch up on unread messages. Powered by Meta AI, this innovation aims to provide concise, private summaries of chats, making it easier than ever…
The AI Arms Race: When Attackers Leverage Cutting-Edge Tech
For too long, the narrative around AI in cyber security has focused on its defensive capabilities. While AI is revolutionizing how organizations protect themselves – bringing unprecedented speed, accuracy, and automation – it’s crucial to acknowledge the other side of…
Turn a Single Detection into Enterprise-Wide Prevention with Infinity Playblocks
Modern cyber attacks move faster than ever before. While your security team is analyzing one threat, attackers are already spreading across your network, exploiting the gaps between siloed security tools and manual response processes. To stop threats, your security measures…
The $177 million AT&T data breach settlement could mean a payout for you – how to qualify
The wireless carrier is offering compensation to users who had their personal information leaked and sold to the dark web. This article has been indexed from Latest stories for ZDNET in Security.
Top identity security themes at Identiverse 2025
Identiverse 2025 found security pros tackling nonhuman identity risks, preparing for agentic AI challenges and shifting from homegrown to commercial CIAM tools. This article has been indexed from Security Resources and Information from TechTarget.
Iranian Spear-Phishing Attack Mimic Google, Outlook, and Yahoo Domains
A sophisticated Iranian cyber espionage campaign has resurfaced with renewed intensity, targeting high-profile figures through meticulously crafted spear-phishing operations that impersonate major email providers including Google, Outlook, and Yahoo. The campaign, attributed to the threat actor known as Educated Manticore,…
Researchers Obfuscated & Weaponized .NET Assemblies Using MacroPack
The cybersecurity landscape has witnessed a significant evolution in malware sophistication, with threat actors increasingly leveraging legitimate programming frameworks for malicious purposes. A recent development has emerged involving the weaponization of .NET assemblies through advanced obfuscation techniques, marking a concerning…
CISA Warns of D-Link Path Traversal Vulnerability Exploited in Attacks
CISA has issued an urgent warning regarding a critical path traversal vulnerability affecting D-Link DIR-859 routers that is being actively exploited in the wild. The vulnerability, designated as CVE-2024-0769, was added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on June…
nOAuth Abuse Leads to Full Account Takeover of Entra Cross-Tenant SaaS Applications
A critical authentication vulnerability known as nOAuth abuse has emerged as a severe threat to Microsoft Entra ID integrated SaaS applications, enabling attackers to achieve complete account takeover with minimal technical complexity. The vulnerability exploits fundamental flaws in how application…
Microsoft Teams New Feature Enables Admins to Manage Certified M365 Apps for Enhanced Security
Microsoft has announced a significant security enhancement for Microsoft Teams administrators, introducing a new feature that enables bulk management of Microsoft 365-certified applications through rule-based controls. This development, identified under Microsoft 365 Roadmap ID 485712, represents a major advancement in…
Israel Iran Crisis Fuels Surge in State Backed Cyberattacks
As Israeli and Iranian forces engaged in a conventional military exchange on June 13, 2025, the conflict has rapidly escalated into a far more complex and multi-faceted conflict that is increasingly involving a slew of coordinated cyberattacks against a…
Study Reveals API Security Gaps in Asia-Pacific Compliance Programs
Cisco ISE Vulnerability Allows Remote Attackers to Execute Malicious Commands
Cisco has issued urgent security patches addressing two critical vulnerabilities in its Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) platforms. These flaws, which both carry the highest possible CVSS severity score of 10.0, could allow unauthenticated remote…
Cisco fixed critical ISE flaws allowing Root-level remote code execution
Cisco released patches to address two critical vulnerabilities in ISE and ISE-PIC that could let remote attackers execute code as root. Cisco addressed two critical vulnerabilities, tracked as CVE-2025-20281 and CVE-2025-20282, in Identity Services Engine (ISE) and ISE Passive…