News • Insights • Analysis
Multifunction printers (MFPs) do far more than print. They scan, email, fax, store, and authenticate. That convenience comes with risk. Our latest report, Understanding Multifunction Printer (MFP) Security within the Enterprise Business Environment, from Rapid7’s Deral Heiland, Principal Security Researcher Read More …
Microsoft is publishing a relatively light 54 new vulnerabilities this December 2025 Patch Tuesday, which is significantly lower than we have come to expect over the past couple of years. Today’s list includes two publicly disclosed remote code vulnerabilities, and Read More …
SAP has released its December cumulative security update, through which it fixed 14 vulnerabilities found in different products. Among them are three critical-severity flaws which should be addressed without delay. The full list of addressed vulnerabilities can be found on Read More …
President Donald Trump’s national security strategy tasks the U.S. intelligence community with monitoring global supply chains as part of a sweeping goal to decouple the nation’s economy from foreign adversaries and advance American economic interests. The demands listed in the Read More …
eact is one of the most popular JavaScript libraries, which powers much of today’s internet. Researchers recently discovered a maximum-severity vulnerability. This bug could allow even the low-skilled threat actors to execute malicious code (RCE) on vulnerable instances. Earlier this Read More …
Since the public release of ChatGPT in November 2022, artificial intelligence (AI) has been integrated into many facets of human society. For critical infrastructure owners and operators, AI can potentially be used to increase efficiency and productivity, enhance decision-making, save Read More …
Google has patched 107 vulnerabilities in Android in its December 2025 Android Security Bulletin, including two high-severity flaws that are being actively exploited. The December updates are available for Android 13, 14, 15, and 16. Android vendors are notified Read More …
NHS Highland is at heightened risk of falling prey to a major cyber attack in part due to “poor practice” by some staff members. The warning, contained in a report to the board assessing risk levels faced in a range Read More …
A fundamental challenge with large language models (LLMs) in a security context is that their greatest strengths as defensive tools are precisely what enable their offensive power. This issue is known as the dual-use dilemma, a concept typically applied to Read More …
CISA has ordered US federal agencies to patch against an actively exploited Oracle Identity Manager (OIM) flaw within three weeks – a scramble made more urgent by evidence that attackers may have been abusing the bug months before a fix Read More …
