Trend Micro uncovered an eight-year-long spying campaign exploiting a Windows vulnerability involving malicious .LNK shortcut files, which attackers padded with whitespace to conceal commands. Despite being reported to Microsoft in 2023, the company considers it a UI issue rather than a security risk and has not prioritized a fix. The Register reports: The attack method is low-tech but effective, relying on malicious .LNK shortcut files rigged with commands to download malware. While appearing to point to legitimate files or executables, these shortcuts quietly include extra instructions to fetch or unpack and attempt to run malicious payloads. Ordinarily, the shortcut's target and command-line arguments would be clearly visible in Windows, making suspicious commands easy to spot. But Trend's Zero Day Initiative said it observed North Korea-backed crews padding out the command-line arguments with megabytes of whitespace, burying the actual commands deep out of sight in the user interface.

Trend reported this to Microsoft in September last year and estimates that it has been used since 2017. It said it had found nearly 1,000 tampered .LNK files in circulation but estimates the actual number of attacks could have been higher. "This is one of many bugs that the attackers are using, but this is one that is not patched and that's why we reported it as a zero day," Dustin Childs, head of threat awareness at the Zero Day Initiative, told The Register. "We told Microsoft but they consider it a UI issue, not a security issue. So it doesn't meet their bar for servicing as a security update, but it might be fixed in a later OS version, or something along those lines."

After poring over malicious .LNK samples, the security shop said it found the vast majority of these files were from state-sponsored attackers (around 70 percent), used for espionage or information theft, with another 20 percent going after financial gain. Among the state-sponsored crews, 46 percent of attacks came from North Korea, while Russia, Iran, and China each accounted for around 18 percent of the activity.

The rumors were right: Google parent Alphabet has agreed to buy cyber security start-up Wiz for $32 billion, the biggest acquisition in the search group's history. From the report: Alphabet held talks over a $23 billion acquisition of Wiz last year, although the negotiations collapsed after some of the cyber security company's directors and investors became worried about antitrust hurdles.

The deal, which will rank as the biggest deal of the year so far, was announced on Tuesday morning. It will probably still face scrutiny from the Federal Trade Commission under President Donald Trump, whose new chair Andrew Ferguson has maintained guidelines giving the agency the ability to block large deals used by his predecessor Lina Khan.

Long-time Slashdot reader chicksdaddy writes: A group of U.S. consumer advocacy groups on Wednesday proposed legislation to address the growing epidemic of "zombie" Internet of Things (IoT) devices that have had software support cut off by their manufacturer, Fight To Repair News reports.

The Connected Consumer Product End of Life Disclosure Act is a collaboration between Consumer Reports, US PIRG, the Secure Resilient Future Foundation (SRFF) and the Center for Democracy and Technology. It requires manufacturers of connected consumer products to disclose for how long they will provide technical support, security updates, or bug fixes for the software and hardware that are necessary for the product to operate securely.
The groups proposed legal requirements that manufacturers "must notify consumers when their devices are nearing the end of life and provide guidance on how to handle the device's end of life," while end-of-life notifications "must include details about features that will be lost, and potential vulnerabilities and security risks that may arise." And when an ISP-provided device (like a router) reaches its end of life, the ISP must remove them.

"The organizations are working with legislators at the state and federal level to get the model legislation introduced," according to Fight To Repair News.

America's Vice President "expressed confidence Friday that a deal to sell TikTok and keep the social media app running in the U.S. would largely be in place by an April deadline," reports NBC News. (Specifically the Vice President said "There will almost certainly be a high-level agreement that I think satisfies our national security concerns, allows there to be a distinct American TikTok enterprise.")

The article adds that TikTok owner ByteDance "has not publicly confirmed negotiations with any potential U.S. buyer, nor has it confirmed its willingness to sell TikTok to a U.S. bidder." But ByteDance "favors" a deal with Oracle, according to an X.com post on Thursday from tech-publication The Information.

And today Politico adds that Oracle "is accelerating talks with the White House on a deal to run TikTok, though significant concerns remain about what role the app's Chinese founders will play in its ongoing U.S. operation, according to three people familiar with the discussions." [Oracle's discussions are happening] amid ongoing warnings from congressional Republicans and other China hawks that any new ownership deal — if it keeps TikTok's underlying technology in Chinese hands — could be only a surface-level fix to the security concerns that led to last year's sweeping bipartisan ban of the app. Key lawmakers, including concerned Republicans, are bringing in Oracle this week to discuss the possible deal and rising national security concerns, according to four people familiar with the meetings. One of the three people familiar with the discussions with Oracle said the deal would essentially require the U.S. government to depend on Oracle to oversee the data of American users and ensure the Chinese government doesn't have a backdoor to it — a promise the person warned would be impossible to keep.

"If the Oracle deal moves forward, you still have this [algorithm] controlled by the Chinese...."

The data security company HaystackID, which serves as independent security inspectors for TikTok U.S., said in February that it has found no indications of internal or external malicious activity — nor has it identified any protected U.S. user data that has been shared with China.

A ransomware-as-a-service variant called "Medusa" has claimed over 300 victims in "critical infrastructure sectors" (including medical), according to an joint alert from CISA, the FBI, and the Multi-State Information Sharing Analysis Center.

And that alert reminds us that Medusa is a globe-spanning operation that recruits third-party affiliates to plant ransomware and negotiate with victims, notes the Register. "Even organizations that have good ransomware recovery regimes, meaning they don't need to unscramble encrypted data as they have good backups and fall-back plans, may consider paying to prevent the release of their stolen data, given the unpleasant consequences that follow information leaks. Medusa actors also set a deadline for victims to pay ransoms and provide a countdown timer that makes it plain when stolen info will be sprayed across the internet. If victims cough up $10,000 in cryptocurrency, the crims push the deadline forward by 24 hours.

The advisory reveals one Medusa actor has taken things a step further. "FBI investigations identified that after paying the ransom, one victim was contacted by a separate Medusa actor who claimed the negotiator had stolen the ransom amount already paid," the advisory states. That separate actor then "requested half of the payment be made again to provide the 'true decryptor'," the advisory states, describing this incident as "potentially indicating a triple extortion scheme."
The security groups' advisory stresses that they "do not encourage paying ransoms as payment does not guarantee victim files will be recovered. Furthermore, payment may also embolden adversaries to target additional organizations..." (But "Regardless of whether you or your organization have decided to pay the ransom, FBI, CISA, and MS-ISAC urge you to promptly report ransomware incidents...)

Besides updating software and operating systems, the alert makes these recommendations for organizations:

• Require VPNs (or jump hosts) for remote network access

• Block remote access from unknown/untrusted origins, and disable unused ports

• Segment networks to help prevent the spread of ransomware

• Use a networking monitoring tool to spot and investigate abnormal activity — including lateral movement (using endpoint detection and response tools). Log all network traffic, and monitor it for unauthorized scanning and access attempts.

• Create recovery plans with encrypted offline backups of sensitive/proprietary data and servers

• Require multifactor authentication, use strong (and long) passwords, and "consider not requiring frequently recurring password changes, as these can weaken security." (Also audit access control following the principle of least privilege, and watch for new and/or unrecognized accounts.)

• Disable command-line and scripting activities and permissions.

With Microsoft ending free security updates for Windows 10 in October, millions of PCs that don't meet Windows 11's hardware requirements face an uncertain fate... Charities that refurbish and distribute computers to low-income individuals must choose between providing soon-to-be-insecure Windows 10 machines, transitioning to Linux -- despite usability challenges for non-tech-savvy users -- or recycling the hardware, contributing to ewaste. Tom's Hardware reports: So how bad will it really be to run an end-of-lifed Windows 10? Should people worry? [Chester Wisniewski, who serves as Director and Global Field CISO for Sophos, a major security services company] and other experts I talked to are unequivocal. You're at risk. "To put this in perspective, today [the day we talked] was Patch Tuesday," he said. "There were 57 vulnerabilities, 6 of which have already been abused by criminals before the fixes were available. There were also 57 in February and 159 in January. Windows 10 and Windows 11 largely have a shared codebase, meaning most, if not all, vulnerabilities each month are exploitable on both OSs. These will be actively turned into digital weapons by criminals and nation-states alike and Windows 10 users will be somewhat defenseless against them."

So, in short, even though Windows 10 has been around since 2015, there are still massive security holes being patched. Even within the past few weeks, dozens of vulnerabilities were fixed by Microsoft. So what's a charity to do when these updates are running out and clients will be left vulnerable? "What we decided to do is one year ahead of the cutoff, we discontinued Windows 10," said Casey Sorensen, CEO of PCs for People, one of the U.S.'s largest non-profit computer refurbishers. "We will distribute Linux laptops that are 6th or 7th gen. If we distribute a Windows laptop, it will be 8th gen or newer." Sorensen said that any PC that's fifth gen or older will be sent to an ewaste recycler.

[...] Sorensen, who founded the company in 1998, told us that he's comfortable giving clients computers that run Linux Mint, a free OS that's based on Ubuntu. The latest version of Mint, version 22.1, will be supported until 2029. "Ten years ago if we distributed Linux, they would be like what is it," he said. But today, he notes that many view their computers as windows to the Internet and, for that, a user-friendly version of Linux is acceptable. Further reading: Is 2025 the Year of the Linux Desktop?

An anonymous reader quotes a report from Ars Technica: In an email sent to customers today, Amazon said that Echo users will no longer be able to set their devices to process Alexa requests locally and, therefore, avoid sending voice recordings to Amazon's cloud. Amazon apparently sent the email to users with "Do Not Send Voice Recordings" enabled on their Echo. Starting on March 28, recordings of everything spoken to the Alexa living in Echo speakers and smart displays will automatically be sent to Amazon and processed in the cloud.

Attempting to rationalize the change, Amazon's email said: "As we continue to expand Alexa's capabilities with generative AI features that rely on the processing power of Amazon's secure cloud, we have decided to no longer support this feature." One of the most marketed features of Alexa+ is its more advanced ability to recognize who is speaking to it, a feature known as Alexa Voice ID. To accommodate this feature, Amazon is eliminating a privacy-focused capability for all Echo users, even those who aren't interested in the subscription-based version of Alexa or want to use Alexa+ but not its ability to recognize different voices.

[...] Amazon said in its email today that by default, it will delete recordings of users' Alexa requests after processing. However, anyone with their Echo device set to "Don't save recordings" will see their already-purchased devices' Voice ID feature bricked. Voice ID enables Alexa to do things like share user-specified calendar events, reminders, music, and more. Previously, Amazon has said that "if you choose not to save any voice recordings, Voice ID may not work." As of March 28, broken Voice ID is a guarantee for people who don't let Amazon store their voice recordings. Amazon's email continues: "Alexa voice requests are always encrypted in transit to Amazon's secure cloud, which was designed with layers of security protections to keep customer information safe. Customers can continue to choose from a robust set of controls by visiting the Alexa Privacy dashboard online or navigating to More - Alexa Privacy in the Alexa app."

Further reading: Google's Gemini AI Can Now See Your Search History

Windows Defender has begun identifying WinRing0 -- a kernel-level driver used by numerous hardware monitoring applications -- as malicious software, causing widespread functionality issues for affected tools. The driver, which provides low-level hardware access necessary for reading fan speeds, controlling RGB lighting, and monitoring system components, is being quarantined due to potential security vulnerabilities that could be exploited by malware.

WinRing0 gained popularity among developers because it's one of only two freely available Windows drivers capable of accessing the SMBus registers needed for hardware monitoring functions. The affected applications include Fan Control, OpenRGB, MSI Afterburner, LibreHardwareMonitor, and multiple others that rely on this driver to communicate with system hardware.

The GSM Association has released new specifications for RCS messaging incorporating end-to-end encryption (E2EE) based on the Messaging Layer Security protocol, six months after iOS 18 introduced RCS compatibility.

The specifications ensure messages remain secure between Android and iOS devices, making RCS "the first large-scale messaging service to support interoperable E2EE between client implementations from different providers," said GSMA Technical Director Tom Van Pelt.

The system combines E2EE with SIM-based authentication to strengthen protection against scams and fraud. Apple confirmed it "helped lead a cross industry effort" on the standard and will implement support in future software updates without specifying a timeline. Google's RCS implementation has featured default E2EE since early 2024.

In late 2023, the FBI alerted the Littleton Electric Light and Water Departments (LELWD) that it had been breached by a Chinese-state-sponsored hacking group for over 300 days. With the help of cybersecurity firm Dragos and Department of Energy-funded sensors, LELWD confirmed the intrusion, identified the hackers' movements, and ultimately restructured its network to remove them. PCMag reports: At the time, LELWD had been installing sensors from cybersecurity firm Dragos with the help of Department of Energy grants awarded by the American Public Power Association (APPA). "The sensors helped LELWD confirm the extent of the malicious activity on the system and pinpoint when and where the attackers were going on the utility's networks," the APPA said last year. Today, Dragos released a case study (PDF) about the hack, which it blamed on Voltzite, a "sophisticated threat group...that overlaps with Volt Typhoon."

The call from the FBI forced Dragos "to deploy quickly and bypass the planned onboarding timeline" for the LELWD, it says. It discovered that Volt Typhoon "had persistent access to LELWD's network." Hackers were looking for specific data related to [operational technology] operating procedures and spatial layout data relating to energy grid operations," Dragos tells SecurityWeek. In the end, Dragos confirmed the compromised systems did not contain "customer-sensitive data," and LEWLD changed their network architecture to kick Volt Typhoon out, the case study says. Groups like Volt Typhoon, "don't always go for high-profile targets first," said Ensar Seker, Chief Security Officer at SOCRadar. "Small, underfunded utilities can serve as low-hanging fruit, allowing adversaries to test tactics, develop footholds, and pivot toward larger targets."

On March 9, older Chromecast and Chromecast Audio devices stopped working due to an expired device authentication certificate authority that made them untrusted by Google's apps. While unofficial apps like VLC continue to function, Google's fix will require either updating client apps to bypass the issue or replacing the expired certificates, a process that could take weeks; however, Google has since announced it is beginning a gradual rollout of a fix. The Register reports: Tom Hebb, a former Meta software engineer and Chromecast hacker, has published a detailed analysis of the issue and suggests a fix could take more than a month to prepare. He's also provided workarounds here for folks to try in the meantime. We spoke to Hebb, and he says the problem is this expired device authentication certificate authority. [...] The fix is not simple. It's either going to involve a bit of a hack with updated client apps to accept or workaround the situation, or somehow someone will need to replace all the key pairs shipped with the devices with ones that use a new valid certificate authority. And getting the new keys onto devices will be a pain as, for instance, some have been factory reset and can't be initialized by a Google application because the bundled cert is untrusted, meaning the client software needs to be updated anyway.

Given that the product family has been discontinued, teams will need to be pulled together to address this blunder. And it does appear to be a blunder rather than planned or remotely triggered obsolescence; earlier Chromecasts have a longer certificate validity, of 20 years rather than 10. "Google will either need to put in over a month of effort to build and test a new Chromecast update to renew the expired certificates, or they will have to coordinate internally between what's left of the Chromecast team, the Android team, the Chrome team, the Google Home team, and iOS app developers to push out new releases, which almost always take several days to build and test," Hebb explained. "I expect them to do the latter. A server-side fix is not possible."

So either a week or so to rush out app-side updates to tackle the problem, or much longer to fix the problem with replaced certs. Polish security researcher Maciej Mensfeld also believes the outage is most likely due to an expired device authentication certificate authority. He's proposed a workaround that has helped some users, at least. Hebb, meanwhile, warns more certificate authority expiry pain is looming, with the Chromecast Ultra and Google Home running out in March next year, and the Google Home Mini in January 2027.

Mozilla is urging Firefox users to update their browsers to version 128 or later (or ESR 115.13 for extended support users) before March 14, 2025, to avoid security risks and add-on disruptions caused by the expiration of a key root certificate. "On 14 March a root certificate (the resource used to prove an add-on was approved by Mozilla) will expire, meaning Firefox users on versions older than 128 (or ESR 115) will not be able to use their add-ons," warns a Mozilla blog post. "We want developers to be aware of this in case some of your users are on older versions of Firefox that may be impacted." BleepingComputer reports: A Mozilla support document explains that failing to update Firefox could expose users to significant security risks and practical issues, which, according to Mozilla, include:

- Malicious add-ons can compromise user data or privacy by bypassing security protections.
- Untrusted certificates may allow users to visit fraudulent or insecure websites without warning.
- Compromised password alerts may stop working, leaving users unaware of potential account breaches.

It is noted that the problem impacts Firefox on all platforms, including Windows, Android, Linux, and macOS, except for iOS, where there's an independent root certificate management system. Mozilla says that users relying on older versions of Firefox may continue using their browsers after the expiration of the certificate if they accept the security risks, but the software's performance and functionality may be severely impacted.

An anonymous reader quotes a report from TechCrunch: Anthropic's CEO Dario Amodei is worried that spies, likely from China, are getting their hands on costly "algorithmic secrets" from the U.S.'s top AI companies -- and he wants the U.S. government to step in. Speaking at a Council on Foreign Relations event on Monday, Amodei said that China is known for its "large-scale industrial espionage" and that AI companies like Anthropic are almost certainly being targeted. "Many of these algorithmic secrets, there are $100 million secrets that are a few lines of code," he said. "And, you know, I'm sure that there are folks trying to steal them, and they may be succeeding."

More help from the U.S. government to defend against this risk is "very important," Amodei added, without specifying exactly what kind of help would be required. Anthropic declined to comment to TechCrunch on the remarks specifically but referred to Anthropic's recommendations to the White House's Office of Science and Technology Policy (OSTP) earlier this month. In the submission, Anthropic argues that the federal government should partner with AI industry leaders to beef up security at frontier AI labs, including by working with U.S. intelligence agencies and their allies.

An anonymous reader quotes a report from the EFF: EFF is deeply saddened to learn of the passing of Mark Klein, a bona fide hero who risked civil liability and criminal prosecution to help expose a massive spying program that violated the rights of millions of Americans. Mark didn't set out to change the world. For 22 years, he was a telecommunications technician for AT&T, most of that in San Francisco. But he always had a strong sense of right and wrong and a commitment to privacy. When the New York Times reported in late 2005 that the NSA was engaging in spying inside the U.S., Mark realized that he had witnessed how it was happening. He also realized that the President was not telling Americans the truth about the program. And, though newly retired, he knew that he had to do something. He showed up at EFF's front door in early 2006 with a simple question: "Do you folks care about privacy?"

We did. And what Mark told us changed everything. Through his work, Mark had learned that the National Security Agency (NSA) had installed a secret, secure room at AT&T's central office in San Francisco, called Room 641A. Mark was assigned to connect circuits carrying Internet data to optical "splitters" that sat just outside of the secret NSA room but were hardwired into it. Those splitters -- as well as similar ones in cities around the U.S. -- made a copy of all data going through those circuits and delivered it into the secret room. Mark not only saw how it works, he had the documents to prove it. He brought us over a hundred pages of authenticated AT&T schematic diagrams and tables. Mark also shared this information with major media outlets, numerous Congressional staffers, and at least two senators personally. One, Senator Chris Dodd, took the floor of the Senate to acknowledge Mark as the great American hero he was.

Schools across the United States are increasingly using artificial intelligence to monitor students' online activities, raising significant privacy concerns after Vancouver Public Schools inadvertently released nearly 3,500 unredacted, sensitive student documents to reporters.

The surveillance software, developed by companies like Gaggle Safety Management, scans school-issued devices 24/7 for signs of bullying, self-harm, or violence, alerting staff when potential issues are detected. Approximately 1,500 school districts nationwide use Gaggle's technology to track six million students, with Vancouver schools paying $328,036 for three years of service.

While school officials maintain the technology has helped counselors intervene with at-risk students, documents revealed LGBTQ+ students were potentially outed to administrators through the monitoring.

The Ballista botnet is actively exploiting a high-severity remote code execution flaw (CVE-2023-1389) in TP-Link Archer AX-21 routers, infecting over 6,000 devices primarily in Brazil, Poland, the UK, Bulgaria, and Turkey. Tom's Hardware reports: According to a new report from the Cato CTRL team, the Ballista botnet exploits a remote code execution vulnerability that directly impacts the TP-Link Archer AX-21 router. The botnet can lead to command injection which then makes remote code execution (RCE) possible so that the malware can spread itself across the internet automatically. This high severity security flaw (tracked as CVE-2023-1389) has also been used to spread other malware families as far back as April 2023 when it was used in the Mirai botnet malware attacks. The flaw also linked to the Condi and AndroxGh0st malware attacks.

Ballista's most recent exploitation attempt was February 17, 2025 and Cato CTRL first detected it on January 10, 2025. Of the thousands of infected devices, the majority of them are concentrated in Brazil, Poland, the United Kingdom, Bulgaria and Turkey; with the botnet targeting manufacturing, medical/healthcare, services and technology organizations in the United States, Australia, China and Mexico.

Spain's government has approved legislation imposing substantial fines of up to 35 million euros or 7% of global turnover on companies that fail to clearly label AI-generated content. Reuters reports: The bill adopts guidelines from the European Union's landmark AI Act imposing strict transparency obligations on AI systems deemed to be high-risk, Digital Transformation Minister Oscar Lopez told reporters. "AI is a very powerful tool that can be used to improve our lives ... or to spread misinformation and attack democracy," he said. Spain is among the first EU countries to implement the bloc's rules, considered more comprehensive than the United States' system that largely relies on voluntary compliance and a patchwork of state regulations. Lopez added that everyone was susceptible to "deepfake" attacks - a term for videos, photographs or audios that have been edited or generated through AI algorithms but are presented as real. [...]

The bill also bans other practices, such as the use of subliminal techniques - sounds and images that are imperceptible - to manipulate vulnerable groups. Lopez cited chatbots inciting people with addictions to gamble or toys encouraging children to perform dangerous challenges as examples. It would also prevent organizations from classifying people through their biometric data using AI, rating them based on their behavior or personal traits to grant them access to benefits or assess their risk of committing a crime. However, authorities would still be allowed to use real-time biometric surveillance in public spaces for national security reasons.

A critical root certificate expiring on March 14, 2025 will disable extensions and potentially break DRM-dependent streaming services for Firefox users running outdated browsers. Users must update to at least Firefox 128 or ESR 115.13+ to maintain functionality across Windows, macOS, Linux, and Android platforms.

The expiration additionally compromises security infrastructure, including blocklists for malicious add-ons, SSL certificate revocation lists, and password breach notifications. Even those on legacy operating systems (Windows 7/8/8.1, macOS 10.12â"10.14) must update to minimum ESR 115.13+.

An anonymous reader quotes a report from The Guardian: The pollution of the planet by microplastics is significantly cutting food supplies by damaging the ability of plants to photosynthesize, according to a new assessment. The analysis estimates that between 4% and 14% of the world's staple crops of wheat, rice and maize is being lost due to the pervasive particles. It could get even worse, the scientists said, as more microplastics pour into the environment. About 700 million people were affected by hunger in 2022. The researchers estimated that microplastic pollution could increase the number at risk of starvation by another 400 million in the next two decades, calling that an "alarming scenario" for global food security. [...]

The new study, published in the journal Proceedings of the National Academy of Sciences, combined more than 3,000 observations of the impact of microplastics on plants, taken from 157 studies. Previous research has indicated that microplastics can damage plants in multiple ways. The polluting particles can block sunlight reaching leaves and damage the soils on which the plants depend. When taken up by plants, microplastics can block nutrient and water channels, induce unstable molecules that harm cells and release toxic chemicals, which can reduce the level of the photosynthetic pigment chlorophyll. The researchers estimated that microplastics reduced the photosynthesis of terrestrial plants by about 12% and by about 7% in marine algae, which are at the base of the ocean food web. They then extrapolated this data to calculate the reduction in the growth of wheat, rice and maize and in the production of fish and seafood.

Asia was hardest hit by estimated crop losses, with reductions in all three of between 54 million and 177 million tons a year, about half the global losses. Wheat in Europe was also hit hard as was maize in the United States. Other regions, such as South America and Africa, grow less of these crops but have much less data on microplastic contamination. In the oceans, where microplastics can coat algae, the loss of fish and seafood was estimated at between 1m and 24m tonnes a year, about 7% of the total and enough protein to feed tens of millions of people. Further reading: Are Microplastics Bad For Your Health? More Rigorous Science is Needed

An anonymous reader quotes a report from Ars Technica: HP, along with other printer brands, is infamous for issuing firmware updates that brick already-purchased printers that have tried to use third-party ink. In a new form of frustration, HP is now being accused of issuing a firmware update that broke customers' laser printers -- even though the devices are loaded with HP-brand toner. The firmware update in question is version 20250209, which HP issued on March 4 for its LaserJet MFP M232-M237 models. Per HP, the update includes "security updates," a "regulatory requirement update," "general improvements and bug fixes," and fixes for IPP Everywhere. Looking back to older updates' fixes and changes, which the new update includes, doesn't reveal anything out of the ordinary. The older updates mention things like "fixed print quality to ensure borders are not cropped for certain document types," and "improved firmware update and cartridge rejection experiences." But there's no mention of changes to how the printers use or read toner.

However, users have been reporting sudden problems using HP-brand toner in their M232-M237 series printers since their devices updated to 20250209. Users on HP's support forum say they see Error Code 11 and the hardware's toner light flashing when trying to print. Some said they've cleaned the contacts and reinstalled their toner but still can't print. "Insanely frustrating because it's my small business printer and just stopped working out of nowhere[,] and I even replaced the tone[r,] which was a $60 expense," a forum user wrote on March 8. HP said in a statement: "We are aware of a firmware issue affecting a limited number of HP LaserJet 200 Series devices and our team is actively working on a solution. For assistance, affected customers can contact our support team at: https://support.hp.com." It's unclear how widespread the problems are.