Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

⚡ Weekly Recap: WhatsApp Worm, Critical CVEs, Oracle 0-Day, Ransomware Cartel & More

Every week, the cyber world reminds us that silence doesn’t mean safety. Attacks often begin quietly — one unpatched flaw, one overlooked credential, one backup left unencrypted. By the time alarms sound, the damage is done. This week’s edition looks at how attackers are changing the game — linking different flaws, working together across borders, and even turning trusted tools into weapons.

The Hacker News
Open in Source
#xss#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#ddos#redis#nodejs#git#java#oracle#intel#php#backdoor#aws#auth#dell#zero_day#chrome#webkit#sap#asp.net#The Hacker News
Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control (C2) servers that can be taken down, these attackers are leveraging GitHub repositories to host malware

'Happy Gilmore' Producer Buys Spyware Maker NSO Group

Plus: US government cybersecurity staffers get reassigned to do immigration work, a hack exposes sensitive age-verification data of Discord users, and more.

Apple voices concerns over age-check law that could put user privacy at risk

The more sensitive data that companies have to collect and store, the greater the consequences for users if it’s breached.

Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits

With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.

Fake VPN and streaming app drops malware that drains your bank account

Mobdro Pro IP TV + VPN hides Klopatra, a new Android Trojan that lets attackers steal banking credentials.

Apple Took Down These ICE-Tracking Apps. The Developers Aren't Giving Up

“We are going to do everything in our power to fight this,” says ICEBlock developer Joshua Aaron after Apple removed his app from the App Store.

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help

One stolen iPhone uncovered a network smuggling thousands of devices to China

Turns out Apple’s ‘Find My’ feature isn’t just for when your phone slips down the side of the couch.

Hackers Exploit WordPress Sites to Power Next-Gen ClickFix Phishing Attacks

Cybersecurity researchers are calling attention to a nefarious campaign targeting WordPress sites to make malicious JavaScript injections that are designed to redirect users to sketchy sites. "Site visitors get injected content that was drive-by malware like fake Cloudflare verification," Sucuri researcher Puja Srivastava said in an analysis published last week. The website security company