#macos-credential-theft

#north-korea
from ComputerWeekly.com
1 hour ago
Information security

North Korean social engineering campaign targets macOS users | Computer Weekly

A North Korean campaign targeting macOS users tricked victims into executing malicious files, leading to credential and data theft.
#apple
Apple
from Theregister
9 hours ago

Apple is working on passcode bug locking out iPhone users

Apple is addressing a bug that locked users out of iPhones due to a missing Czech keyboard character.
Apple
from TNW | Tech
1 day ago

Apple secretly threatened to pull Grok from the App Store over deepfake nudes

Apple threatened to remove xAI's Grok app from the App Store due to non-compliance with content guidelines regarding non-consensual deepfakes.
Apple
from Computerworld
4 days ago

Apple preps for the face race

Apple is testing four designs for smart glasses, aiming for superior aesthetics and performance compared to competitors.
Apple
from SecurityWeek
2 weeks ago

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.
Apple
from TechCrunch
2 weeks ago

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.
Artificial intelligence
from TechRepublic
5 hours ago

AI Upgrades, Security Breaches, and Industry Shifts Define This Week in Tech - TechRepublic

AI innovation and security threats are reshaping technology and corporate strategies across various platforms and applications.
#cybersecurity
Information security
from SecurityWeek
7 hours ago

In Other News: Satellite Cybersecurity Act, $90K Chrome Flaw, Teen Hacker Arrested

Senate legislation aims to enhance satellite cybersecurity amid rising threats and vulnerabilities in commercial satellite signals.
Information security
from The Hacker News
3 days ago

108 Malicious Chrome Extensions Steal Google and Telegram Data, Affecting 20,000 Users

A cluster of 108 malicious Chrome extensions collects user data and injects ads, compromising browser security.
Information security
from TechCrunch
1 hour ago

Hackers are abusing unpatched Windows security flaws to hack into organizations | TechCrunch

Hackers exploited Windows vulnerabilities published by a researcher, affecting Windows Defender and allowing high-level access.
Privacy technologies
from Yahoo Tech
1 week ago

Hackers Are Using Your Home Router to Spy on Microsoft 365 Users

Russian spies exploited consumer routers to steal Microsoft 365 credentials from thousands of users, turning home devices into espionage tools.
Gadgets
from The Verge
1 day ago

The nine best ways to protect, customize, and accessorize your MacBook Neo

The MacBook Neo, priced at $599, offers high build quality and performance, making it a top contender in the laptop market for 2026.
Social media marketing
from AdExchanger
1 day ago

Rewards App Faces Data Broker Accusations; Apple Loves Advertising, Apparently | AdExchanger

Freecash faced allegations of extracting sensitive user data while promoting itself as a rewards app, leading to its removal from the App Store.
Tech industry
from Theregister
22 hours ago

Mozilla takes on enterprise AI providers with Thunderbolt

Mozilla launches Thunderbolt AI client as an open-source alternative to proprietary enterprise AI platforms, emphasizing data privacy and control.
Careers
from Fortune
1 day ago

This CEO pirated video games as a teen and became a hacker for the Air Force. Now he's built a $3 billion cyber firm | Fortune

Gen Z should trust instincts in career paths, as demonstrated by Kyle Hanslovan's unconventional journey to CEO of a $3 billion cybersecurity firm.
#ai-security
Information security
from TNW | Anthropic
2 days ago

Anthropic, Google, and Microsoft paid AI agent bug bounties, then kept quiet about the flaws

Aonan Guan exploited prompt injection attacks to hijack AI agents from Anthropic, Google, and Microsoft, stealing sensitive API keys and tokens.
Venture
from SecurityWeek
2 days ago

Capsule Security Emerges From Stealth With $7 Million in Funding

Capsule Security provides a security layer for AI agents to prevent manipulation and ensure safe operations.
Information security
from Techzine Global
1 day ago

AI agents on GitHub leak API keys via prompt injection

Three popular AI agents on GitHub Actions are vulnerable to Comment and Control attacks, allowing attackers to steal API keys and access tokens.
#iphone
Apple
from Theregister
5 days ago

Apple update turns Czech mate for locked-out iPhone user

A student is locked out of his iPhone due to a missing character on the keyboard after an iOS update.
#privacy
Privacy technologies
from ComputerWeekly.com
4 hours ago

Privacy, power, and encryption: why end-to-end security matters | Computer Weekly

Privacy is a fundamental human condition, and end-to-end encryption is essential for protecting communications in a surveillance-heavy world.
Apple
from Computerworld
3 hours ago

How to think about Apple Business

Apple Business is suitable for small businesses using Apple devices but lacks capabilities for larger enterprises and advanced compliance needs.
Artificial intelligence
from Ars Technica
23 hours ago

Mozilla launches Thunderbolt AI client with focus on self-hosted infrastructure

Thunderbolt client by Mozilla supports various AI interfaces and is available for multiple platforms, with enterprise deployment options under development.
#anthropic
Software development
from Theregister
1 day ago

Anthropic's Project Glasswing CVE count is still guesswork

Anthropic's Mythos model is under testing by select companies to identify security vulnerabilities, but actual findings remain uncertain.
Information security
from Theregister
21 hours ago

MCP 'design flaw' puts 200k servers at risk: Researcher

A design flaw in Anthropic's Model Context Protocol puts 200,000 servers at risk, despite repeated requests for a patch from security researchers.
Privacy professionals
from SecurityWeek
4 days ago

BrowserGate: Claims of LinkedIn 'Spying' Clash With Security Research Findings

LinkedIn allegedly scans users' computers to collect data on browser extensions, raising concerns about corporate espionage.
Privacy technologies
from PetaPixel
1 day ago

Apple and Google Direct Users to AI 'Nudify' Apps: Report

Apple and Google facilitate access to nudify apps that create deepfake nude images despite policies against nonconsensual sexualized content.
from www.socialmediatoday.com
2 days ago

Grok faced potential removal from the App Store

Apple privately threatened to remove Elon Musk's artificial intelligence app, Grok, from its App Store in January after Musk's xAI failed to do enough to stop it from creating nude or sexualized deepfakes.
Artificial intelligence
Privacy professionals
from Fast Company
6 days ago

This iPhone trick lets you use ChatGPT without the privacy risks

Using AI chatbots poses risks to privacy and data security, but Siri can help mask identity when accessing ChatGPT on iPhones.
Privacy technologies
from news.bitcoin.com
18 hours ago

Anthropic Adds ID Verification to Claude for Select AI Users

Anthropic implemented ID checks for Claude users in April 2026 to limit abuse and meet legal obligations, while not storing ID images on its systems.
Apple
from Engadget
23 hours ago

Perplexity brings its Personal Computer AI assistant to Mac

Perplexity has launched Personal Computer for Mac, a software that enhances multi-model orchestration for managing tasks and workflows.
Information security
from The Hacker News
5 hours ago

Three Microsoft Defender Zero-Days Actively Exploited; Two Still Unpatched

Threat actors are exploiting three vulnerabilities in Microsoft Defender for elevated privileges, with one flaw already addressed by Microsoft.
#microsoft
Privacy technologies
from The Verge
2 days ago

Microsoft faces fresh Windows Recall security concerns

A new tool, TotalRecall Reloaded, extracts data from Microsoft's redesigned Recall feature, raising ongoing security and privacy concerns.
Information security
from Theregister
7 hours ago

Microsoft closes book on rogue Windows Server 2025 upgrades

Microsoft has resolved the Windows Server 2025 upgrade issue, but new problems have emerged with the cumulative update KB5082063.
Information security
from SecurityWeek
1 day ago

Microsoft Paid Out $2.3 Million at Zero Day Quest 2026 Hacking Contest

Microsoft's Zero Day Quest 2026 awarded $2.3 million for discovering 80 high-impact vulnerabilities in cloud and AI services.
Information security
from TechRepublic
2 days ago

Microsoft Issues Massive Windows Patch for 160+ Bugs, Including Two Zero-Days

Microsoft released a significant security update addressing 165 vulnerabilities, including two critical zero-days, marking one of the largest updates in its history.
Apple
from The Verge
3 days ago

The heist of iOS 26

Jon Prosser revealed details about unreleased iOS software in a video, claiming certainty about its authenticity and encouraging leaks.
Information security
from Ars Technica
8 hours ago

Recent advances push Big Tech closer to the Q-Day danger zone

Organizations are transitioning to new algorithms to replace RSA and elliptic curves due to vulnerabilities exposed by quantum computing threats.
#nudify-apps
Privacy technologies
from Engadget
1 day ago

Apple and Google are reportedly pointing users to nudify apps

Apple and Google continue to promote nudify apps despite policies against such content, raising concerns about their enforcement and user safety.
Privacy technologies
from Digital Trends
1 day ago

Damning report finds Apple and Google's app stores boosting nudify apps

Apple and Google are promoting harmful nudify apps through their search and advertising systems, despite policies against adult content.
Information security
from DevOps.com
2 hours ago

The Open Source Trap: Why Trust Isn't a Security Strategy - DevOps.com

The software supply chain is vulnerable due to reliance on under-resourced open source maintainers, requiring active organizational support for security.
Privacy technologies
from 404 Media
1 day ago

App Stores Push Users Toward Nudify Apps, New Research Shows

Google and Apple's app stores actively promote harmful nudify and undress apps, contrary to their stated policies.
#malware
Information security
from SecurityWeek
2 days ago

$10 Domain Could Have Handed Hackers 25k Endpoints, Including in OT and Gov Networks

A sophisticated threat disguised as adware compromised over 25,000 endpoints, allowing silent control through an unregistered domain.
#apple-intelligence
Apple
from SecurityWeek
1 week ago

Apple Intelligence AI Guardrails Bypassed in New Attack

Researchers have successfully bypassed Apple's AI safety protocols using adversarial techniques, allowing for the execution of arbitrary tasks and manipulation of private data.
Apple
from Theregister
1 week ago

Security researchers tricked Apple Intelligence into cursing

Apple Intelligence can be hijacked through prompt injection, exposing millions of users to risk, but a fix was implemented in iOS 26.4 and macOS 26.4.
#cisco
Information security
from The Hacker News
1 day ago

Cisco Patches Four Critical Identity Services, Webex Flaws Enabling Code Execution

Cisco has released patches for four critical security vulnerabilities in Identity Services and Webex Services that could allow unauthorized access and code execution.
Information security
from SecurityWeek
1 day ago

Cisco Patches Critical Vulnerabilities in Webex, ISE

Cisco patched 15 vulnerabilities, including critical flaws in Webex and Identity Services Engine, allowing potential unauthorized access and command execution.
Information security
from Computerworld
20 hours ago

Cisco Systems issues three advisories for critical vulnerabilities in Webex, ISE

Identity and access management is crucial for cybersecurity, with a focus on IAM hygiene necessary to mitigate risks from vulnerabilities.
#ai
Information security
from SecurityWeek
1 day ago

OpenAI Widens Access to Cybersecurity Model After Anthropic's Mythos Reveal

OpenAI launched GPT-5.4-Cyber, a cybersecurity AI model, expanding access to verified defenders and enhancing capabilities for vulnerability analysis.
Information security
from Fortune
4 days ago

Anthropic caused panic that Mythos will expose cybersecurity weak spots, but one industry veteran says real problem is fixing, not finding, them | Fortune

Anthropic's Claude Mythos Preview AI model identifies cybersecurity vulnerabilities, but experts question its impact on fixing existing issues.
Information security
from SecurityWeek
2 days ago

100 Chrome Extensions Steal User Data, Create Backdoor

Over 20,000 users installed malicious Chrome extensions that steal information, provide backdoors, or inject ads, as reported by cybersecurity firm Socket.
Information security
from TechRepublic
1 day ago

Malicious WordPress Plugins with Backdoors Compromise Thousands of Websites

Malicious WordPress plugins with backdoors compromised thousands of websites, demonstrating a supply-chain attack and leading to their permanent removal.
Information security
from ComputerWeekly.com
1 day ago

Cyber Essentials closes the MFA loophole but leaves some organisations adrift | Computer Weekly

Multi-factor authentication becomes mandatory under Cyber Essentials v3.3, with no exceptions for organizations failing to implement it.
Information security
from SecurityWeek
2 days ago

'By Design' Flaw in MCP Could Enable Widespread AI Supply Chain Attacks

MCP's architectural flaw allows adversarial takeover of user systems, exposing sensitive data and enabling malware installation.
Information security
from Theregister
2 days ago

Ancient Excel bug comes out of retirement for active attacks

A 17-year-old critical Excel vulnerability is actively being exploited, prompting CISA to issue a patch deadline for federal agencies.
Information security
from Theregister
2 days ago

Critical Fortinet sandbox bugs allow auth bypass and RCE

Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass authentication or execute unauthorized code.
#adobe
Information security
from TechRepublic
3 days ago

Adobe Issues Emergency Patch for Critical PDF Flaw Exploited For Months

Adobe released an emergency patch for a critical vulnerability in its products, exploited since December 2025, with a CVSS score of 8.6.
Information security
from TechCrunch
3 days ago

Adobe fixes PDF zero-day security bug that hackers have exploited for months | TechCrunch

Adobe patched a critical vulnerability in Acrobat DC and Reader DC that allowed hackers to remotely install malware via malicious PDF files.
Information security
from SecurityWeek
3 days ago

Adobe Patches 55 Vulnerabilities Across 11 Products

Adobe's Patch Tuesday updates address 55 vulnerabilities across 11 products, with critical ColdFusion flaws requiring immediate attention.
Apple
from Jezebel
4 weeks ago

Your iPhone Has Probably Never Been More Vulnerable to Spyware and Hacking

Apple iOS devices face increased cybersecurity threats from malware like Darksword and Coruna that exploit vulnerabilities to steal data and cryptocurrency from millions of users.
Information security
from The Hacker News
2 days ago

April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More

Critical vulnerabilities in Adobe, Fortinet, Microsoft, and SAP products were highlighted in April's Patch Tuesday releases.
#iphone-security
Apple
from The Verge
4 weeks ago

PSA: Hackers can raid iOS 18 with an infected link

DarkSword, a new hacking tool targeting iPhones running iOS 18.4 to 18.6.2, exploits six vulnerabilities to steal messages, contacts, credentials, cryptocurrency wallets, and personal data through malicious links.
Information security
from Ars Technica
4 weeks ago

Hundreds of millions of iPhones can be hacked with a new tool found in the wild

DarkSword, a sophisticated iPhone hacking technique discovered in use by Russian hackers, can silently compromise hundreds of millions of iOS devices running older operating system versions through infected websites.
Information security
from WIRED
4 weeks ago

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A sophisticated iPhone hacking technique called DarkSword enables attackers to silently compromise iOS devices through infected websites, affecting hundreds of millions of users running older iOS versions.
#openai
Information security
from Axios
2 days ago

OpenAI expands access to cyber AI as hacking risks grow

OpenAI is shifting to a model that emphasizes identity verification for access to sensitive cybersecurity tools while expanding availability.
Apple
from SecurityWeek
4 weeks ago

Apple Debuts Background Security Improvements With Fresh WebKit Patches

Apple introduced Background Security Improvements, a new mechanism delivering lightweight security patches between regular software updates for iOS, iPadOS, and macOS platforms.
Information security
from Techzine Global
4 days ago

Adobe patches vulnerability that steals data via PDFs

A sophisticated attack exploits a vulnerability in Adobe Reader via malicious PDF files to gather sensitive information and potentially execute arbitrary code.
Information security
from SecurityWeek
3 days ago

Organizations Warned of Exploited Windows, Adobe Acrobat Vulnerabilities

CISA expanded its Known Exploited Vulnerabilities catalog with seven new vulnerabilities, including critical Windows and Adobe flaws.
Information security
from Techzine Global
3 days ago

Attackers are targeting developers via Slack and Google Sites

A targeted phishing campaign exploits trust in the open-source community, tricking developers into providing credentials and installing malicious software.
Information security
from TechCrunch
4 days ago

Hack at Anodot leaves over a dozen breached companies facing extortion | TechCrunch

Hackers stole data from multiple companies after breaching Anodot, exposing customers to extortion and potential data publication.
#macos
Information security
from TechRepublic
1 week ago

Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apple's macOS update introduces a warning system to prevent users from executing potentially harmful commands in Terminal.
Information security
from SecurityWeek
2 weeks ago

Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs

macOS users are targeted by a ClickFix campaign delivering a Python-based information stealer through a fake Cloudflare verification page.
#cve-2026-20700
from Mail Online
2 months ago

Warning to all iPhone users over new spyware attack stealing data

The tech giant said the threat stems from the vast majority of users not updating to the latest version of their phone software, known as iOS 26. The patch includes advanced security upgrades for the latest vulnerabilities that hackers have allegedly been using in real-world attacks. Specifically, they've exploited sneaky flaws in the part of the iPhone that handles web browsing, called WebKit.
Apple
Apple
from TechRepublic
2 months ago

New iOS and iPadOS Flaws Leave Millions of iPhones at Risk

Two WebKit vulnerabilities (CVE-2025-43529 and CVE-2025-14174) allow zero-click remote code execution in Safari, potentially giving attackers full access to iPhones and iPads.
from The Hacker News
1 month ago

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit's Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted web content.
Information security