Apple has patched a serious vulnerability (CVE-2025-43400) in how devices handle fonts.

Apple has released important security updates to address a critical vulnerability in _FontParser_—the part of MacOS/iOS/iPadOS that processes fonts.

Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code execution.

While Apple hasn’t said it’s being actively exploited, similar bugs have been used in jailbreaks and spyware attacks in the past, so it’s smart to patch it promptly.

**How to update your devices******How to update your iPhone or iPad****

For iOS and iPadOS users, you can check if you’re using the latest software version, go to **Settings > General > Software Update**. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

******How to update macOS on any version******

To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:

*   Click the Apple menu in the upper-left corner of your screen.
*   Choose **System Settings** (or **System Preferences** on older versions).
*   Select **General** in the sidebar, then click **Software Update** on the right. On older macOS, just look for **Software Update** directly.
*   Your Mac will check for updates automatically. If updates are available, click **Update Now** (or **Upgrade Now** for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.
*   Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).
*   Make sure your Mac stays plugged in and connected to the internet until the update is done.

****How to update Apple Watch****

*   Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi.
*   Keep your Apple Watch on its charger and close to your iPhone.
*   Open the Watch app on your iPhone.
*   Tap **General > Software Update**.
*   If an update appears, tap **Download and Install**.
*   Enter your iPhone passcode or Apple ID password if prompted.

Your Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.

****How to update Apple TV****

*   Turn on your Apple TV and make sure it’s connected to the internet.
*   Open the Settings app on Apple TV.
*   Navigate **to System > Software Updates**.
*   Select **Update Software**.
*   If an update appears, select **Download and Install**.

The Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.

**Updates for your particular device**

**Name and information link**

**Available for**

iOS 26.0.1 and iPadOS 26.0.1

iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later

iOS 18.7.1 and iPadOS 18.7.1

iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later

macOS Tahoe 26.0.1

macOS Tahoe

macOS Sequoia 15.7.1

macOS Sequoia

macOS Sonoma 14.8.1

macOS Sonoma

visionOS 26.0.1

Apple Vision Pro

watchOS 26.0.2 no published CVE entries.

Apple Watch Series 6 and later

tvOS 26.0.1 no published CVE entries.

Apple TV HD and Apple TV 4K (all models)

**Technical details**

The vulnerability tracked as CVE-2025-43400 was described as an out-of-bounds write issue in FontParser that, when exploited, could cause the processing of a maliciously crafted font to lead to unexpected app termination or corrupt process memory.

An out-of-bounds write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.

Typically, fonts are safe and standardized files used daily in countless apps and websites, but due to this vulnerability an attacker can create a specially crafted font file containing manipulated data that exploits vulnerabilities in the font processing engine of the operating system. When this malicious font is loaded by an app or system process, it can trigger memory corruption or crashes. In worst-case scenarios, this can enable attackers to execute harmful code remotely, gaining control over the device.

Given that fonts are widely used and often processed silently in the background, font vulnerabilities pose a significant risk vector for attackers aiming to compromise devices.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple fixes critical font processing bug. Update now! 

Investigators linked 1,463 victims to the scams, and said their losses amounted to around $2.8 million.

Online crime of all kinds is deplorable, but romance scammers and sextortionists who target the most vulnerable victims are among the worst. Now, there’s likely a place for 260 of them in jail, thanks to international law enforcement.

Interpol’s Operation Contender 3.0 targeted alleged criminals from several countries across Africa. It arrested 260 people and captured 1,235 electronic devices. Investigators linked 1,463 victims to the scams, and said their losses amounted to around $2.8 million.

The images from Interpol’s press release tell just as lurid a story as the numbers do. In one, over 30 phones lie on a table, each with a different case. These were the devices that the scammers likely used to carry out their crimes, which focused on romance scams and extortion.

Criminals lured victims with fake online identities built from stolen photos and forged documents, then exploited victims through romance scams that demanded bogus courier or customs fees. Others ran sextortion schemes, secretly recording explicit video chats to extort money.

**What to watch for**

Romance scams are all too familiar to those in the know, but still catch out plenty of lonely people looking for affection online. A criminal half a world away will get to know a victim, often beginning the relationship via an ‘accidental’ text message, or via a dating site or social media. A fake social media account, usually with a stolen photo, lends them credibility. They will gradually get to know the victim, luring them into what seems like a romantic relationship. If you’re talking to someone who claims to be in the military and therefore unable to travel, be very wary. This is a common scam tactic.

Eventually the request for money will come, in some form or other. In some scams, it’ll be a recommendation to invest in a fraudulent investment scheme (this used to be called ‘pig butchering’ but now Interpol prefers the more humane term ‘romance baiting’).

In other variations of the scam, there will be a plan to visit the victim – except, of course, there’s some financial hurdle that the perpetrator must overcome before they can travel. If the victim sends the money, the requests will keep coming, always with another excuse for why they can’t make the trip just yet.

Talking with someone you’ve never met who’s asking for financial help with a medical emergency, or to solve a legal or business issue? Think twice before sending the funds. Then think a third time. Then don’t do it.

**A loneliness epidemic**

In an era where people are increasingly lonely, romance scams are a surprisingly effective tactic. Americans lost $1.2 billion to romance scammers last year, with medium losses hitting $2,000.

The extortion side of things is even more horrid. People aren’t just lonely these days; they’re lusty. That leads to many people doing things online with strangers that they shouldn’t, including sharing intimate images or videos of themselves. Once a criminal has those assets, they can use them to extort the victims by threatening to send the material to their friends, family, and professional contacts.

Romance scams and other forms of financial fraud can come from anywhere, including in your own country. But Africa does seem to be a hotbed for it. Last year’s Interpol Africa Cyberthreat Assessment Report found that cybercrime accounted for 30% of all reported crime in Western and Eastern Africa. Criminals engage in many kinds of digital crime, according to the report, including business email compromise and banking malware, but online scams are especially popular—as is digital sextortion and harassment.

Interpol arrested eight people a year ago in Nigeria and Côte d’Ivoire for financial fraud including romance scams as part of its Contender 2.0 operation. And in 2022, it dismantled a South African gang for swindling companies, but also suspected it of being involved in romance scams.

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 260 romance scammers and sextortionists caught in huge Interpol sting 

Cybersecurity researchers have flagged a previously undocumented Android banking trojan called Datzbro that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.
Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior

Cybersecurity researchers have flagged a previously undocumented Android banking trojan called **Datzbro** that can conduct device takeover (DTO) attacks and perform fraudulent transactions by preying on the elderly.

Dutch mobile security company ThreatFabric said it discovered the campaign in August 2025 after users in Australia reported scammers managing Facebook groups promoting "active senior trips." Some of the other territories targeted by the threat actors include Singapore, Malaysia, Canada, South Africa, and the U.K.

The campaigns, it added, specifically focused on elderly people looking for social activities, trips, in-person meetings, and similar events. These Facebook groups have been found to share artificial intelligence (AI)-generated content, claiming to organize various activities for seniors.

Should prospective targets express willingness to participate in these events, they are subsequently approached via Facebook Messenger or WhatsApp, where they are asked to download an APK file from a fraudulent link (e.g., "download.seniorgroupapps\[.\]com").

"The fake websites prompted visitors to install a so-called community application, claiming it would allow them to register for events, connect with members, and track scheduled activities," ThreatFabric said in a report shared with The Hacker News.

Interestingly, the websites have also been found to contain placeholder links to download an iOS application, indicating that the attackers are looking to target both the mobile operating systems, distributing TestFlight apps for iOS and trick victims into downloading them.

Should the victim click on the button to download the Android application, it either leads to the direct deployment of the malware on their devices, or that of a dropper that's built using an APK binding service dubbed Zombinder to bypass security restrictions on Android 13 and later.

Some of the Android apps that have been found distributing Datzbro are listed below -

*   Senior Group (twzlibwr.rlrkvsdw.bcfwgozi)
*   Lively Years (orgLivelyYears.browses646)
*   ActiveSenior (com.forest481.security)
*   DanceWave (inedpnok.kfxuvnie.mggfqzhl)
*   作业帮 (io.mobile.Itool）
*   麻豆传媒 (fsxhibqhbh.hlyzqkd.aois
*   麻豆传媒 (mobi.audio.aassistant)
*   谷歌浏览器 (tvmhnrvsp.zltixkpp.mdok)
*   MT管理器 (varuhphk.vadneozj.tltldo)
*   MT管理器 (spvojpr.bkkhxobj.twfwf)
*   大麦 (mnamrdrefa.edldylo.zish)
*   MT管理器 (io.red.studio.tracker)

The malware, like other Android banking trojans, has a wide range of capabilities to record audio, capture photos, access files and photos, and conduct financial fraud through remote control, overlay attacks, and keylogging. It also relies on Android's accessibility services to perform remote actions on the victim's behalf.

A notable feature of Datzbro is the schematic remote control mode, which allows the malware to send information about all the elements displayed on the screen, their position, and content, so as to allow the operators to re-create the layout at their end and effectively commandeer the device.

The banking trojan can also serve as a semi-transparent black overlay with custom text so as to hide the malicious activity from a victim, as well as steal the device lock screen PIN and passwords associated with Alipay and WeChat. Furthermore, it scans accessibility event logs for package names related to banks or cryptocurrency wallets, and for text containing passwords, PINs, or other codes.

"Such a filter clearly shows the focus of the developers behind Datzbro, not only using its Spyware capabilities, but also turning it into a financial threat," ThreatFabric said. "With the help of keylogging capabilities, Datzbro can successfully capture login credentials for mobile banking applications entered by unsuspecting victims."

It's believed that Datzbro is the work of a Chinese-speaking threat group, given the presence of Chinese debug and logging strings in the malware source code. The malicious apps have been found to be connected to a command-and-control (C2) backend that's a Chinese-language desktop application, making it stand apart from other malware families that rely on web-based C2 panels.

ThreatFabric said a compiled version of the C2 app has been leaked to a public virus share, suggesting that the malware may have been leaked and is being distributed freely among cybercriminals.

"The discovery of Datzbro highlights the evolution of mobile threats targeting unsuspecting users through social engineering campaigns," the company said. "By focusing on seniors, fraudsters exploit trust and community-oriented activities to lure victims into installing malware. What begins as a seemingly harmless event promotion on Facebook can escalate into device takeover, credential theft, and financial fraud."

The disclosure comes as IBM X-Force detailed an AntiDot Android banking malware campaign codenamed PhantomCall that has targeted users of major financial institutions globally, spanning Spain, Italy, France, the U.S., Canada, the U.A.E., and India, using fake Google Chrome dropper apps that can get around Android 13's controls that prevent sideloaded apps from exploiting accessibility APIs.

According to an analysis published by PRODAFT in June 2025, AntiDot is attributed to a financially motivated threat actor called LARVA-398 and is available to others under a Malware-as-a-Service (MaaS) model on underground forums.

The latest campaign is designed to make use of the CallScreeningService API to monitor incoming calls and selectively block them based on a dynamically generated list of phone numbers stored in the phone's shared preferences, effectively allowing the attackers to prolong unauthorized access, complete fraudulent transactions, or delay detection.

"PhantomCall also enables attackers to initiate fraudulent activity by silently sending USSD codes to redirect calls, while abusing Android's CallScreeningService to block legitimate incoming calls, effectively isolating victims and enabling impersonation," security researcher Ruby Cohen said.

"These capabilities play a critical role in orchestrating high-impact financial fraud by cutting off victims from real communication channels and enabling attackers to act on their behalf without raising suspicion."

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

New Android Trojan “Datzbro” Tricking Elderly with AI-Generated Facebook Travel Events

As more businesses rely on digital documents today, effective large file management has also become necessary. PDFs are…

As more businesses rely on digital documents today, effective large file management has also become necessary. PDFs are a ubiquitous file format that maintains formatting. The problem with having many PDFs is that they can become a little clunky. Combining these files online is a reasonable approach. This guide discusses how to combine large PDF files and the best tips for combining seamlessly.

****Why Merge PDFs?****

When you merge PDF online, it makes arranging the documents easy. It declutters everything and makes it more convenient to access. With the combine option, users can merge various files into one seamless document. This technique works great for reports, presentations, and portfolios.

****Choosing the Right Tool****

One of them is to choose the right tool, which is vital. There are many websites available that allow you to merge PDF files. You also want to consider UI, security, and file size limits. Here are a few tools that focus on ease of use, which makes them perfect for beginners. Some provide advanced options for more complex tasks. One can make the right choice if they evaluate these aspects.

****Ensuring File Security****

Security is an essential concern when using any online service. Find providers that encrypt both the upload and download stages. This guarantees that sensitive information stays secure. Furthermore, several services also delete files once they finish processing them, increasing your security. Always read the Privacy Policy to understand how data is managed.

****Understanding File Size Limitations****

Most online PDF merging tools limit the size of PDF files that can be uploaded and used. First, find out the maximum file size limit. If the files are larger than this, please zip them first. Many platforms provide compression features, and they can also reduce the size of the file while maintaining the quality. This step ensures smooth merging.

****Organizing Files Before Merging****

At the same time, a good arrangement of files is important for a uniform document. Have the PDFs already been put in the order you want to upload them? Renaming the files will help you to see the order. They give you an idea of how the final document should flow and save time when preparing the final document. This eliminates ordering post-merging, making the process more efficient as well.

****Previewing the Merged Document****

Preview the Document After Merging. This lets a user confirm that all pages are in order and no pages are missing from the files. Most tools have a preview option so that you can make changes before the final submission. This step ascertains that the document aligns with your expectations, and the possibility of errors dropping into your basket shrinks.

****Download and Save the Combined File****

Download the document and save it as soon as the merged document is to your liking. Place the file somewhere safe. Do a backup on some cloud service or external drive. This practice ensures that the document remains intact and free of data loss. Regular backups are essential to keeping a tidy digital archive and managing digital history.

****Troubleshooting Common Issues****

At times, users face obstacles while merging the process. It could be formatting, or some pages are missing. When such issues do occur, it helps to check back with the original files for inconsistencies. Re-uploading the files or using a different tool might resolve these issues. It takes time and commitment to follow through, but it gets you where you need to be.

****Exploring Additional Features****

There are plenty of other tools, like merging, available to help you manage PDFs. These may include splitting, editing, and converting PDFs. Getting familiar with these options can improve your skills in managing documents. Being experienced with so many features can help you save time and offer you flexibility while dealing with documents online.

****Conclusion****

In this age of digital documentation, merging large PDF files online is one of the most practical solutions. If users choose the correct, secure, well-structured, and organized tool, they can create seamless documents. Those are essential steps in this process, such as previewing, downloading, and troubleshooting. By following the tips outlined above, anyone can seamlessly merge PDFs and take their document management skills to the next level.

Tips for Merging Large PDF Files Online

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting the Sudo command-line utility for Linux and Unix-like operating systems to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.

The vulnerability in question is CVE-2025-32463 (CVSS score: 9.3), which affects Sudo versions prior to 1.9.17p1. It was disclosed by Stratascale researcher Rich Mirch back in July 2025.

"Sudo contains an inclusion of functionality from an untrusted control sphere vulnerability," CISA said. "This vulnerability could allow a local attacker to leverage sudo's -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file."

It's currently not known how the shortcoming is being exploited in real-world attacks, and who may be behind such efforts. Also added to the KEV catalog are four other flaws -

*   **CVE-2021-21311** - Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. (Disclosed as exploited by Google Mandiant in May 2022 by a threat actor called UNC2903 to target AWS IMDS setups)
*   **CVE-2025-20352** - Cisco IOS and IOS XE contain a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. (Disclosed as exploited by Cisco last week)
*   **CVE-2025-10035** - Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. (Disclosed as exploited by watchTowr Labs last week)
*   **CVE-2025-59689** - Libraesva Email Security Gateway (ESG) contains a command injection vulnerability that allows command injection via a compressed email attachment. (Disclosed as exploited by Libraesva last week)

In light of active exploitation, Federal Civilian Executive Branch (FCEB) agencies relying on the affected products are advised to apply the necessary mitigations by October 20, 2025, to secure their networks.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

CISA Sounds Alarm on Critical Sudo Flaw Actively Exploited in Linux and Unix Systems

Cybersecurity never stops—and neither do hackers. While you wrapped up last week, new attacks were already underway.
From hidden software bugs to massive DDoS attacks and new ransomware tricks, this week’s roundup gives you the biggest security moves to know. Whether you’re protecting key systems or locking down cloud apps, these are the updates you need before making your next security

⚡ Weekly Recap: Cisco 0-Day, Record DDoS, LockBit 5.0, BMC Bugs, ShadowV2 Botnet & More

Your logins will live on after you pass on. Make sure they end up in the right hands.

It’s not fun to talk about, but there’s only one thing certain in life. You need to have a plan for your digital legacy, just like you make a plan for your physical assets; otherwise, your accounts, services, and logins will rot away in a data center before they’re inevitably erased by a data retention policy.

Some services recognize how important digital legacy is. Apple and Facebook have legacy contacts that can gain access to your accounts, and the American Bar Association is still grappling with the legalities of accessing online accounts when someone passes away. Most online services don't.

Recognition of digital legacy is still spotty, and without dedicated legacy contacts, accessing the deceased’s online accounts often involves court orders or legal documentation (and plenty of time). Digital legacy doesn’t need to have so many hurdles, though. Password managers have digital legacy features built in that can unlock your digital life in the event of an emergency.

*   **Defining a Digital Legacy**
*   **Password Managers With Digital Legacy Features**
*   **What You Should Store Beyond Passwords**
*   **Pass on Your Passwords When You Pass**

**Defining a Digital Legacy**

There’s a lot that goes into your digital legacy, from your online banking login to any digital assets you own, but even a seemingly straightforward online life can quickly snowball into a mess. Does the Netflix account just keep draining the checking account until you can break in and change the payment option? Are photos that have been uploaded to the cloud now lost in a data center, never to be recovered? Add some passkeys, maybe some social sign-on features, and you have a complex web of data that’s almost impossible to untangle.

So-called digital executors exist, operating in the same way as the executor of the will, just for digital assets. It’s a good idea to set up a digital executor to ensure your digital assets are handled properly, but that doesn’t help in the immediate aftermath of someone passing away. The probate process can take at least a few months, and sometimes several years.

Password managers like Bitwarden offer a shortcut. You can transfer access to a trusted relative, spouse, or even your closest friend, along with a rundown of what to do with your accounts.

The legality of this is a little murky, with the American Bar Association noting that accessing someone else’s account, even with their username and password, isn’t legal if it violates the platform’s terms of service. The law regarding digital assets varies from state to state, so it’s still a good idea to consult an attorney for long-term access.

Here's the advice NordPass gave: “For anyone thinking about digital legacy, the best step is to set up Emergency Access in advance, clearly communicate the use cases of the credentials with your trusted contacts, and follow the terms of service of respective platforms.”

Immediate access is still important, not only in the event of death but also in the event of incapacitation. If you, for whatever reason, can’t access your online accounts, you can transfer those accounts easily using an emergency contact feature available in a password manager.

**Password Managers With Digital Legacy Features**

There are some excellent password managers, and most of them have some way to unlock your account in the event of an emergency. They go about it in different ways, however. Here are the three I recommend for most people. (Read more in our Best Password Managers guide.)

Proton Pass

Proton recently added an emergency access feature, and it’s not just restricted to Proton Pass. Unlike most password managers, Proton Pass is just one app available in the Proton suite. Proton also makes our favorite VPN, and it offers an encrypted crypto wallet, cloud storage, and even a calendar.

Emergency access isn’t restricted to one app with Proton. Rather, it’s access to your entire account, so if you have multiple Proton apps, you can pass them along. It’s not hard to see where this could be useful, especially if you have a lot of data stored in Proton Drive or money in your crypto wallet.

Although Proton’s emergency access is bound to your overall Proton account, you need to set it up through Proton Pass or another Proton app. For Proton Pass, open the app in your browser at account.proton.me. Once you’re in, select the cog icon next to your name in the bottom left corner and choose **Account.**

Proton via Jacob Roach

This will open a new tab. In the new window, select **Recovery** from the menu on the left and scroll down to the **Emergency Access** section. Choose **Add Emergency Contact** and enter the email address you want to share access with. They’ll need a Proton account to accept the invitation. Emergency access is only available for paid Proton members, though you can share access with someone who has a free Proton account.

One of the upsides of Proton compared to 1Password and NordPass (my other two recommendations) is the wait-time setting. When you add an emergency contact, they can request access to your Proton account at any time. After the wait time has passed without a response, however, Proton will automatically give your emergency contacts access. The default time is seven days, but you can set it for as long as 30 days, as well as remove the wait time completely.

1Password

1Password via Jacob Roach

**1Password**

1Password doesn’t have a dedicated digital legacy feature, and if you understand how its security architecture is designed, it’s easy to see why. 1Password has a true zero-knowledge security architecture. Even if 1Password wanted to, and even in the event of a catastrophic emergency, it can’t decrypt someone’s vault. That’s great for security but bad for passing along your passwords.

Instead, 1Password offers an emergency kit, which you can generate and download from my.1password.com. On a device where you’re signed into 1Password, go to that address, select your name in the upper right corner, and choose **Manage Account.** On the next page, select **Save Emergency Kit.**

1Password via Jacob Roach

Your 1Password Emergency Kit is a PDF that includes instructions for logging in, along with your email address, secret key, and a space for you to write (or type) your master password. It also includes a QR code for easy setup, automatically copying your details over, short of your master password.

The Emergency Kit is useful for account recovery, but it’s also one of the more secure options for digital legacy. You can print off a physical copy of your Emergency Kit before wiping any trace of it digitally. I recommend including it as part of your will or trust and storing it somewhere secure, like a safe-deposit box.

Unfortunately, you need to jump through these hoops with 1Password due to how it works. And whoever ends up with your Emergency Kit will have full access to your account, while Proton Pass and NordPass (my next recommendation) provide read-only access. If you use 1Password’s Families plan, however, it’s easy to share vault access with the family members on your account—and you don’t even need to contemplate death to do it.

NordPass

Photograph: Nordpass

NordPass introduced its emergency access feature a few years ago, and it’s simple. You can send invites to one (or more) trusted contacts. They don’t get access to your vault immediately. Instead, they can request access at any time. In the event you don’t deny one of these requests within seven days, Nord automatically unlocks the account for the contact that requested access.

Setting it up is easy. Once you have the NordPass extension installed, open it and select the cog icon near the top left of the window. That will open your settings view in a new tab. All the way at the bottom of the page, you’ll find the **Emergency Access** setting under the **Other** category. Like with Proton Pass, your trusted contact will need a NordPass account to see and accept the invitation.

Nordpass via Jacob Roach

That’s it. Once they accept the invitation, your contact can request access at any time, which you can accept or deny within that seven-day window before your vault is unlocked. Regardless of the situation, if someone gets emergency access to your account, they can only view what’s inside. NordPass locks them out of editing, deleting, sharing, or doing anything else inside your vault.

The obvious downside with NordPass is that you can’t change the amount of time before access is handed over to your emergency contacts. If you, for whatever reason, can’t deny the request within seven days, NordPass unlocks your vault. You can dream up some scenarios where that could become a problem, but it shouldn’t, especially considering you can revoke access for your emergency contacts at any time.

**What You Should Store Beyond Passwords**

Proton Pass, 1Password, and NordPass are my personal favorite password managers, which is why I recommend them over options like Keeper, which also has a digital legacy feature. I also recommend them because they come with additional storage space. 1Password includes 1 GB, NordPass includes 3 GB, and Proton Pass comes with a whopping 10 GB—and that doesn’t include any storage through Proton Drive.

Storing your logins is important, but you can also store a lot of important documents in your password manager. That’s certainly more secure than throwing them in a shared Google Drive folder. If you want to do a digital inventory, here are a few things you should store in your password manager alongside your logins.

**Vehicle information.** You can wrap all of your vehicle information up into a single entry in your password manager. Scan your license and title, add insurance and vehicle information, and maybe loop in personal property tax receipts. NordPass, 1Password, and Proton Pass all allow you to add attachments to entries, as well as notes.

**Software licenses.** Most software today is sold with a software-as-a-service model, so accessing someone’s login is most important. If you have perpetual software licenses, though, you’ll probably want to add them to your vault as an encrypted note.

**Non-account secrets.** This is probably the most practical thing to store in your password manager in the event you need to transfer access. There are a ton of secrets you need to remember that aren’t tied to an online account. I’m talking about gate codes, PINs, and patterns for your devices, recovery codes, lock combinations; the list goes on. Store them in your vault as encrypted notes.

**2FA/MFA details.** A lot of password managers allow you to store 2FA codes, including Proton Pass and 1Password (though not NordPass). It’s not the best idea for security, but in the context of digital legacy, you should store some information about accounts that have 2FA enabled. Add a note to logins that have 2FA enabled, along with recovery information for those accounts.

**Pass on Your Passwords When You Pass**

Death isn’t fun to think about, no, but setting up your digital legacy is only becoming more important. Today, precious little exists only in the physical world; nearly everything is tied to an online account or service in some way. Dealing with who owns your digital assets is something you can define in a will or trust. But that doesn’t always account for the unexpected.

Emergency access is important if you pass away, but it’s also important if you can’t get access to your account for any reason, especially in the aftermath of an emergency.

How to Use a Password Manager to Share Your Logins After You Die (2025)

A list of topics we covered in the week of September 22 to September 28 of 2025

Last week on Malwarebytes Labs:

*   Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data
*   Google and Flo to pay $56 million after misusing users’ health data
*   Neon App pays users to record their phone calls, sells data for AI training \[updated\]
*   New SVG-based phishing campaign is a recipe for disaster
*   LinkedIn will use your data to train its AI unless you opt out now
*   TikTok is misusing kids’ data, says privacy watchdog
*   Police using drones to read your license plates, warns EFF
*   Malwarebytes for Teams now includes VPN
*   Fake Malwarebytes, LastPass, and others on GitHub serve malware
*   Can you disappear online? (Lock and Code S06E19)
*   American Archive of Public Broadcasting allowed access to restricted media for years
*   Scammers are impersonating the FBI to steal your personal data
*   Beware of Zelle transfer scams
*   ChatGPT solves CAPTCHAs if you tell it they’re fake

Stay safe!

**We don’t just report on scams—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 A week in security (September 22 &#8211; September 28) 

Medusa ransomware group claims 834 GB data theft from Comcast, demanding $1.2M ransom while sharing screenshots and file listings.

The **Medusa** ransomware group is claiming responsibility for a ransomware attack on Comcast Corporation, a global media and technology company best known for its broadband, television, and film businesses.

According to the group’s dark web leak site, they exfiltrated 834.4 gigabytes of data and are demanding $1.2 million for interested buyers to download it. The same sum has been set as ransom for Comcast if the company wants the data deleted rather than leaked or sold.

To back its claims, Medusa has posted around 20 screenshots allegedly showing internal Comcast files. The group also shared a massive file listing of 167,121 entries, suggesting access to actuarial reports, product management data, insurance modelling scripts, and claim analytics.

The sample paths include files such as Esur_rerating_verification.xlsx, Claim Data Specifications.xlsm, and Python, as well as SQL scripts related to auto premium impact analysis.

Medusa Ransomware group’s dark web leak site claiming Comcast as its victim – These claims were published on Friday, September 26, 2025 (Image credit: Hackread.com)

****Comcast and Cybersecurity****

For your information, Comcast owns NBCUniversal, which operates NBC, Telemundo, Universal Pictures, Sky (in Europe), and a wide range of TV networks, film studios, and streaming platforms like Peacock.

Although the company has not been in news over large-scale cyber attacks, a 2015 report published by Hackread.com revealed that over 200,000 Comcast user credentials were leaked on the dark web.

At the time, Comcast stated the data likely came from credential aggregation rather than a direct breach of its systems. The case underscored how previously exposed information can resurface years later, complicating efforts to separate legacy leaks from fresh intrusions.

Medusa ransomware is known for publishing file listings and partial screenshots as proof of compromise while holding back the bulk of the data to increase ransom pressure. In this case, the nature of the files points toward actuarial and financial datasets, some of which appear to involve insurance calculations, customer data processing, and claim management systems.

****Medusa Aims At Top American Firms****

Past Medusa incidents have shown that the group tends to release portions of data if demands are not met, increasing the pressure on victims to negotiate. The cyber criminal group has also been behind several high-profile attacks this year.

On April 8, 2025, the group announced it had **targeted NASCAR** with a $4 million ransom demand. That incident was later **confirmed** as a data breach in July 2025, showing the group had followed through on previous threats when negotiations failed.

At the time of writing, Comcast has not publicly confirmed or denied the breach. The company may face regulatory scrutiny if sensitive customer or financial data is involved, particularly given the sheer size of the alleged leak.

Hackread.com has reached out to Comcast for comment and will continue monitoring the situation for updates on the company’s response and any further releases from Medusa.

Medusa Ransomware Claims Comcast Data Breach, Demands $1.2M

Car makers don’t trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.
Because design specs don’t prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with “critical” exposure alerts. Compliance reports tick every box. 
But none of that proves what matters most to a CISO:

The

Car makers don't trust blueprints. They smash prototypes into walls. Again and again. In controlled conditions.

Because design specs don't prove survival. Crash tests do. They separate theory from reality. Cybersecurity is no different. Dashboards overflow with "critical" exposure alerts. Compliance reports tick every box.

But none of that proves what matters most to a CISO:

*   The ransomware crew targeting your sector can't move laterally once inside.
*   That a newly published exploit of a CVE won't bypass your defenses tomorrow morning.
*   That sensitive data can't be siphoned through a stealthy exfiltration channel, exposing the business to fines, lawsuits, and reputational damage.

That's why Breach and Attack Simulation (BAS) matters.

BAS is the crash test for your security stack. It safely simulates real adversarial behaviors to prove which attacks your defenses can stop, and which would break through. It exposes those gaps before attackers exploit them or regulators demand answers.

****The Illusion of Safety: Dashboards Without Crash Tests****

Dashboards overflowing with exposures can feel reassuring, like you're seeing everything, like you're safe. But it's a false comfort. It's no different than reading a car's spec sheet and declaring it "safe" without ever crashing it into a wall at 60 miles per hour. On paper, the design holds. In practice, impact reveals where the frame buckles and the airbags fail.

The Blue Report 2025 provides crash test data for enterprise security. Based on 160 million adversary simulations, it shows what actually happens when defenses are tested instead of assumed:

*   **Prevention dropped from 69% to 62% in one year.** Even organizations with mature controls regressed.
*   **54% of attacker behaviors generated no logs.** Entire attack chains unfolded with zero visibility.
*   **Only 14% triggered alerts.** Meaning most detection pipelines failed silently.
*   **Data exfiltration was stopped just 3% of the time.** A stage with direct financial, regulatory, and reputational consequences is effectively unprotected.

These are not gaps dashboards reveal. They are exploitable weaknesses that only appear under pressure.

Just as a crash test exposes flaws hidden in design blueprints, **security validation exposes the assumptions that collapse under real-world impact, before attackers, regulators, or customers do.**

****BAS Works as a Security Validation Engine****

Crash tests don't just expose flaws. They prove safety systems fire when they're needed most. Breach and Attack Simulation (BAS) does the same for **enterprise security**.

Instead of waiting for a real breach, BAS continuously runs safe, controlled attack scenarios that mirror how adversaries actually operate. It doesn't trade in hypotheticals, it delivers proof.

For CISOs, this proof matters because it turns anxiety into assurance:

*   **No sleepless nights over a public CVE with a working proof-of-concept.** BAS shows if your defenses stop it in practice.
*   **No guessing whether the ransomware campaign sweeping your sector could penetrate your environment.**BAS runs those behaviors safely and shows if you'd be a victim or not.
*   **No fear of the unknown in tomorrow's threat reports.** BAS validates defenses against both known techniques and emerging ones observed in the wild.

This is the discipline of **Security Control Validation (SCV):** proving that investments hold up where it counts. BAS is the engine that makes SCV continuous and scalable.

Dashboards may show posture. BAS reveals performance. By pointing out the blind spots in your defenses, it gives CISOs something dashboards never can: the ability to focus on the exposures that actually matter, and the confidence to prove resilience to boards, regulators, and customers.

****Proof in Action: Effect of BAS in Business Side****

BAS-driven exposure validation shows just how much noise can be eliminated when assumptions give way to proof:

*   Backlogs of **9,500 CVSS "critical" findings** shrink to just **1,350 exposures proven relevant**.
*   **Mean Time to Remediate (MTTR)** drops from **45 days to 13**, closing windows of exposure before attackers can strike.
*   **Rollbacks** fall from **11 per quarter to 2**, saving time, budget, and credibility.

And when paired with prioritization models like the **Picus Exposure Score (PXS)**, the clarity becomes sharper:

*   From **63% of vulnerabilities flagged as high/critical**, only **10% remain truly critical** after validation, an **84% reduction in false urgency**.

For CISOs, this means fewer sleepless nights over swelling dashboards and more confidence that resources are locked onto exposures that matter most.

**BAS turns overwhelming data into a validated risk picture executives can trust.**

****Closing Thought: Don't Just Monitor, Simulate****

For CISOs, the challenge isn't visibility, it's certainty. Boards don't ask for dashboards or scanner scores. They want assurance that defenses will hold when it matters most.

This is where BAS reframes the conversation: from posture to proof.

*   _From "We deployed a firewall" → to "We proved it blocked malicious C2 traffic across 500 simulated attempts this quarter."_
*   _From "Our EDR has MITRE coverage" → to "We detected 72% of emulated Scattered Spider APT group's behaviors; here's where we fixed the other 28%."_
*   _From "We're compliant" → to "We're resilient, and we can prove it with evidence."_

That shift is why BAS resonates at the executive level. It transforms security from assumptions into measurable outcomes. Boards don't buy posture, they buy proof.

And BAS is evolving further. With AI, it's no longer just proving whether defenses worked yesterday, but anticipating how they will hold tomorrow.

To see this in action, join **Picus Security, SANS, Hacker Valley, and other leading voices** at The Picus BAS Summit 2025: Redefining Attack Simulation through AI_._ This virtual summit will showcase how BAS and AI together are shaping the future of security validation.

**\[Secure your spot today\]**

Found this article interesting? This article is a contributed piece from one of our valued partners. Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Tag

#ios