OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious…
QR codes bypass browser isolation for malicious C2 communication
Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations. [...]
Microsoft Expands Access to Windows Recall AI Feature
The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured…
Microsoft expands Recall preview to Intel and AMD Copilot+ PCs
Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider…
‘Bootkitty’ First Bootloader to Take Aim at Linux
Though it's still just a proof of concept, the malware is functional and can evade the Secure Boot process on…
Korea arrests CEO for adding DDoS feature to satellite receivers
South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated…
AWS Launches New Incident Response Service
AWS Security Incident Response will help security teams defend their organizations from account takeovers, breaches, ransomware attacks, and other types…
Mozilla really wants you to set Firefox as default Windows browser
In an effort to turn the tide, Mozilla is testing a fresh approach that could persuade more people to switch…
Google Chrome’s AI feature lets you quickly check website trustworthiness
Google Chrome's upcoming feature uses AI to provide a summary of reviews from independent websites about the store or website…
Novel phishing campaign uses corrupted Word documents to evade security
A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them…