Tag
#apple
Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.
Recent developments and an escalating trade war have made travel to cities like Beijing challenging but by no means impossible.
A list of topics we covered in the week of July 28 to August 3 of 2025.
An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.
The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.
Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.
### Summary
A log injection vulnerability was identified in `pyload` in the API `/json/add_package`. This vulnerability allows a user with the add packages permission to inject arbitrary messages into the logs gathered by `pyload`.

### Details
`pyload` generates a log entry when a new package is created using the API `/json/add_package`. This entry has the form `Added package 'NAME_OF_PACKAGE' containing 'NUMBER_OF_LINKS' links`. However, when the supplied name of the new package contains a newline, this newline is not properly escaped. Newlines are also the delimiter between log entries. This allows the attacker to inject new log entries into the log file.

### PoC
Run `pyload` in the default configuration by running the following command:

```
pyload
```

We can now sign in as a pyload user who has at least the add packages permission. In my example, I will use the admin account to demonstrate this vulnerability. Now, as an admin user, view the logs at `http://localhost:8000/logs` ...
Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to
Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via
This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.