Rapid7 conducted a zero-day research project into multifunction printers (MFP) from Brother Industries, Ltd.
This research resulted in the discovery of 8 new vulnerabilities. Some or all of these vulnerabilities have been identified as affecting 689 models across Brother’s range of printer, scanner, and label maker devices. Additionally, 46 printer models from FUJIFILM Business Innovation, 5 printer models from Ricoh, and 2 printer models from Toshiba Tec Corporation are affected by some or all of these vulnerabilities. In total, 742 models across 4 vendors are affected. Rapid7, in conjunction with JPCERT/CC, has worked with Brother over the last thirteen months to coordinate the disclosure of these vulnerabilities. The most serious of the findings is the authentication bypass CVE-2024-51978.
Read more…
Source: Rapid7
Sign up for our Newsletter
The latest news and insights delivered right to your inbox.
Related:
- Three Steps to the Terminal: A Siemens ROX II Zero-Day Trilogy
July 17, 2026
Palo Alto Unit 42 conducted this research in close partnership with Siemens, reflecting their shared commitment to advancing the security and resilience of critical infrastructure. This report details a critical, chained exploit comprising three zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) discovered in Siemens ROX II operational technology (OT) switches. Successful exploitation of this chain would allow ...
- Shark vacuum flaw exposes cameras, home maps and Wi-Fi passwords
July 17, 2026
Shark’s cloud-connected robot vacuums are currently exposed by an unpatched AWS (Amazon Web Services) IoT (Internet of Things) policy flaw that could turn one compromised device into a remote-control skeleton key for many others in the same region, with access to cameras, maps, and Wi‑Fi passwords. A researcher using the handle tokay0 took apart a Shark RV2320EDUS robot vacuum and ...
- Attackers target critical FortiSandbox flaws as CISA issues patch order
July 17, 2026
Fortinet admins have two more reasons to clear their calendars after CISA confirmed a pair of critical FortiSandbox bugs are being actively exploited. The two bugs, tracked as CVE-2026-39808 and CVE-2026-25089, both carry CVSS scores of 9.1 and affect FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. According to Fortinet, they are OS command injection flaws that allow ...
- Top AI tools such as OpenClaw and Github Copilot can be hijacked to create new massive botnets
July 15, 2026
Your favorite AI service could be subverted to deploy code that turns your phone or PC into a botnet, according to researchers at Intuit, Technion, and Tel Aviv University. The technique has been given the name HalluSquatting, a portmanteau of adversarial hallucination squatting, and is similar to typosquatting in that it relies on a mistake in ...
- Microsoft tops last month’s record with 622 Patch Tuesday CVEs
July 14, 2026
Remember last month when we were awed by Microsoft’s record-setting Patch Tuesday that addressed 206 CVEs? That was a quaint era compared to this month: Redmond just rolled out patches for 622 CVEs specific to its products, slightly more than tripling last month’s all-time high. Redmond’s Patch Tuesday release is once again one for the record books, with everything under ...
- Two Chrome updates in two days fix critical vulnerabilities
July 10, 2026
Updating Chrome is becoming an almost daily task lately. But it’s too important to ignore. On Wednesday, July 8, Google released another Chrome update, just one day later after the previous one. Between them, the two updates fixed 27 security vulnerabilities, including two critical flaws that could be exploited to compromise Chrome. Google says both are “use-after-free” memory vulnerabilities, which ...

