Tag
#apple
Apple and Google espouse strong values about data privacy, but they allow programs from a Big Brother state to thrive on their app stores, researchers allege.
In a 6-3 decision, the Supreme Court held that age verification for explicit sites is constitutional. In a dissent, Justice Elena Kagan warned it burdens adults and ignores First Amendment precedent.
Tech Transparency Project warns Chinese-owned VPNs like Turbo VPN and X-VPN remain on Apple and Google app stores, raising national security concerns.
FBI tracked IntelBroker as UK’s Kai West using an email address, crypto trails, YouTube activity and forum posts after dozens of high-profile data breaches and darknet activity.
Four alleged ShinyHunters members arrested, IntelBroker exposed as British national Kai West in global crackdown linked to BreachForums and major data breaches.
Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps.
Scammers used Inferno Drainer to steal $43,000 in crypto from 110 CoinMarketCap users through a fake wallet prompt embedded in the site’s front-end.
### Summary

The RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect.

### Details

The RedirectSlashes method uses the Host header to construct the redirectURL at this line: https://github.com/go-chi/chi/blob/v5.2.1/middleware/strip.go#L55

The Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware.

### PoC

Create a simple server which uses the RedirectSlashes middleware:

```go
package main

import (
	"fmt"
	"net/http"

	"github.com/go-chi/chi/v5"
	"github.com/go-chi/chi/v5/middleware" // Import the middleware package
)

func main() {
	// Create a new Chi router
	r := chi.NewRouter()

	// Use the built-in RedirectSlashes middleware
	r.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes

	// Define a route handler
	r.Get("/", func(w http.ResponseWriter, r *http.Request) {
		// A simple response
		w.Write([]byte("Hello, World!"))
	})
```

...
Cybercriminals are injecting fake support phone numbers onto official sites like Bank of America and Netflix. Learn how 'search parameter injection' scams work and protect yourself now.
Researchers have uncovered 30 exposed data sets containing over 16 billion login credentials which were likely harvested by infostealers.