Hundreds of Brother printer models are affected by a critical, unpatchable vulnerability (CVE-2024-51978) that allows attackers to generate the default admin password using the device’s serial number—information that’s easily discoverable via other flaws.

748 total models across Brother, Fujifilm, Ricoh, Toshiba, and Konica Minolta are impacted, with millions of devices at risk globally.

Attackers can:
• Gain unauthenticated admin access
• Pivot to full remote code execution
• Exfiltrate credentials for LDAP, FTP, and more
• Move laterally through your network

Brother says the vulnerability cannot be fixed in firmware and requires a change in manufacturing. For now, mitigation = change the default admin password immediately.

Our pentest team regularly highlights printer security as a critical path to system compromise—and today’s news is another example that underscores this risk. This is your reminder: Printers are not “set-and-forget” devices. Treat them like any other endpoint—monitor, patch, and lock them down.

Need help testing your network for exploitable print devices? Contact us and our pentest team can help!

Read the Dark Reading article for more details on the Brother Printers vulnerability: https://www.darkreading.com/endpoint-security/millions-brother-printers-critical-unpatchable-bug

#CyberSecurity #PenetrationTesting #Pentest #Pentesting #PrinterSecurity #BrotherPrinters #CVE202451978 #Infosec #IT #SMB #CISO #Cyberaware #DFIR #ITSecurity #ZeroTrust #PatchNow #Pentest

Watch Brenno De Winter’s talk from OrangeCon 2024 on making penetration tests auditable again.
Watch here: https://www.youtube.com/watch?v=Rv0otVFKrkk
#OrangeCon2024 #Pentesting #Cybersecurity #Infosec

Someone should make a circuit board that fits in an original #tamagotchi shell and upgrades the screen and CPU so that it can do a lot of extra stuff; #gps location tracking, #meshtastic node, #pentesting and #radio #hacking like a #flipperZero, etc. Maybe some #arm #soc like a #RaspberryPi, or #Rocknix, or maybe just a little #ESP32. Maybe just cram a #Pebble watch in there or something.

#hardware #technology #virtualPet

We turned a car into a Mario Kart controller! 🏎️🎮
 
At PTP Cyber Fest, attendees used the steering wheel, pedals, and brakes of a real Renault Clio to play SuperTuxKart.
 
We tapped into the CAN bus with cheap wire splicers.
 
Mapped the signals using Python.
 
We even wrote our own state machine to make it all work.
 
Sure, it was a bit impractical. We had to remove the wing mirrors to fit it inside the building, deal with dodgy electrics, and babysit the car battery.
 
Next year, we might try something a bit more portable.
 
📌Read how we did it here: https://www.pentestpartners.com/security-blog/how-we-turned-a-real-car-into-a-mario-kart-controller-by-intercepting-can-data/
 
#CyberSecurity #AutomotiveSecurity #CANbus #HackThePlanet #PenTesting #Python #Infosec #PTPCyberFest2025

El lado del mal - +300 referencias a papers, posts y talks de Hacking & Security con Inteligencia Artificial https://www.elladodelmal.com/2025/06/300-referencias-papers-posts-y-talks-de.html #InteligenciaArtificial #AI #IA #Hacking #Ciberseguridad #GenAI #LLMs #Pentest #Pentesting

💡 Kali Linux 2025.1c is out
✔️ Fixes update errors from lost signing key
🛠️ Adds new tools like azurehound and binwalk3
🎛️ Redesigned menu with MITRE ATT&CK

🔗 https://hackread.com/kali-linux-2025-1c-fix-issue-adds-tools-interface-update

#CyberSecurity #KaliLinux #InfoSec #HackingTools #PenTesting

💡 Kali Linux 2025.1c is out

✔️ Fixes update errors from lost signing key

🛠️ Adds new tools like azurehound and binwalk3

🎛️ Redesigned menu with MITRE ATT&CK

🔗 https://hackread.com/kali-linux-2025-1c-fix-issue-adds-tools-interface-update

#CyberSecurity #KaliLinux #InfoSec #HackingTools #PenTesting

DEF CON Training 2025
📅 August 9–12, 2025 | 4-Day Training

Join Michael Aguilar #v3ga and Alex Delifer #Cheet for a hands-on course on Medical Device Penetration Testing at #DEFCON33 @defcon

Learn more and sign up: https://training.defcon.org/collections/def-con-training-las-vegas-2025/products/michael-aguilar-v3ga-alex-delifer-cheet-medical-device-penetration-testing-dctlv2025-4-day-training

#Biohackingvillage #PenTesting #Cybersecurity #hackers #Hacking #workshop #DEFCON

🔐 "Attenzione: ci sono individui che usano strumenti di pentesting per attaccare aziende reali! #CyberSecurity #Pentesting"

🔗 https://www.tomshw.it/business/campagna-unk-sneakystrike-colpisce-80000-account-2025-06-24

Context poisoning is the new hawtness in AI chatbot testing.

https://neuraltrust.ai/blog/echo-chamber-context-poisoning-jailbreak

#genai #pentesting

A strict-looking content security policy isn’t always a secure one.

During a recent engagement, we came across a policy that had all the right bits on paper including nonces, locked-down sources, and everything you'd expect.

But one missing directive "base-uri" was all it took to break it wide open.

By injecting a <base> tag, we redirected script loading to an attacker-controlled domain. XSS payload delivered. CSP bypassed.

CSPs need more than checkboxes. They need context, testing, and attention to the small stuff.

📌Here’s what went wrong and how to avoid it: https://www.pentestpartners.com/security-blog/csp-directives-base-ic-misconfigurations-with-big-consequences/

#CyberSecurity #AppSec #CSP #WebSecurity #PenTesting #XSS

El lado del mal - BootCamp "Especialista en Ciberseguridad" con becas: Comienzo 8 de Septiembre https://www.elladodelmal.com/2025/06/bootcamp-especialista-en-ciberseguridad.html #bootcamp #formación #ciberseguridad #pentest #pentesting #hacking #Online

🔥 It’s here.
BashCoreT — the first CLI-only live ISO built on Debian 13 “Trixie” (Hard Freeze), featuring Linux 6.12 + PREEMPT_RT.

Minimal. Lightning fast. Realtime-ready.
No GUI. No noise. Just pure terminal power for advanced users, pentesters, and system engineers.

⚠️ Trixie isn’t stable yet. BashCoreT is for those who know what they’re doing.

📥 Download:
https://sourceforge.net/projects/bashcore/files/releases/

#BashCoreT #DebianTrixie #LinuxCLI #RealtimeLinux #PREEMPTRT #Pentesting #BashCore #NoGUI #HardcoreMinimalism

🚀 BashCoreT is uploading…
A CLI-only BashCore, built on Debian 13 "Trixie" (Hard Freeze) with Linux 6.12 + PREEMPT_RT.

Minimal. Realtime-ready. Made for pentesters, system engineers, and control freaks 👨‍💻

⚠️ Trixie isn't stable yet — BashCoreT is for experts only.

#BashCoreT #UploadingNow #DebianTrixie #PREEMPTRT #LinuxCLI #MinimalLinux #NoGUI #Pentesting #Linux #Trixie #Kernel

Mastering Python for Ethical Hacking: A Comprehensive Guide to Building Hacking Tools by @buymeacoffee

https://buymeacoffee.com/halildeniz/e/296372

#cybersecurity #ethicalhacking #pentesting #networksecurity #pythonwithethicalhacking

[Перевод] Обход проверки электронной почты

Проверка электронной почты — это важная мера безопасности, позволяющая подтвердить личность пользователя и предотвратить несанкционированный доступ. Однако, обнаруженная мной уязвимость в процессе проверки электронной почты на сайте app.target.com , позволяет злоумышленникам обойти эту меру безопасности. В этой статье рассматриваются детали уязвимости, ее влияние и необходимые действия по устранению.

https://habr.com/ru/articles/920168/

#багбаунти #пентест #багхантинг #bugbounty #pentest #pentesting #кибербезопасность

El lado del mal - Vibe Hacking con Cybersecurity AI (CAI): Agentes AI autónomos para ciberseguridad ofensiva y defensiva https://www.elladodelmal.com/2025/06/vibe-hacking-con-cybersecurity-ai-cai.html #IA #AI #AgenticAI #hacking #Pentest #Pentesting #CAI #CybersecurityAI #RedTeam #BlueTeam #InteligenciaArtificial

Hello everyone.
In today's article we are examining the topic Thales: 1 Vulnhub Walkthrough.

I wish everyone good work:
https://denizhalil.com/2025/06/19/thales1-vulnhub-walkthrough/

#vulnhub #ctf #ctfwalkthrough #vulnhub #thales1 #cybersecurity #ethicalhacking #pentesting

If you work in cybersecurity you are probably familiar with Kali Linux. However, depending on your specific tasks, you might want to adopt an operating system that specializes in your tasks. From red teaming to reverse engineering and safe comms, we have gathered a comprehensive list of awesome operating systems that will make your work easier and safer!

https://negativepid.blog/oss-for-cybersecurity-professionals/

#operatingSystems #cybersecurity #pentesting #intelligence #reverseEngineering

🚀 Excited to introduce pentestgen – a modern, open-source penetration test report generator designed to simplify and professionalize your security assessments!

With pentestgen, you can quickly document vulnerabilities, recommendations, and executive summaries, preview your reports live, and export polished PDFs — all with a clean, user-friendly interface.

Check it out here:

🔗 https://halildeniz.github.io/pentestgen/

#cybersecurity #pentesting #opensource #infosec #reporting #securitytools