Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS

Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control. The agency said the activity was detected between September and December 2024, targeting

The Hacker News
Open in Source
#mac#apple#linux#The Hacker News
Siemens SINEC OS

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v3.1 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM, SCALANCE Vulnerabilities: NULL Pointer Dereference, Use After Free, Unchecked Input for Loop Condition, Out-of-bounds Write, Out-of-bounds Read, Uncontrolled Resource Consumption, Missing Encryption of Sensitive Data, Improper Restriction of Operations within the Bounds of a Memory Buffer, Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'), Deadlock, Improper Resource Locking, Improper Input Validation, Stack-based Buffer Overflow, Use of NullPointerException Catch to Detect NULL Pointer Dereference, I...

Will Secure AI Be the Hottest Career Path in Cybersecurity?

Securing AI systems represents cybersecurity's next frontier, creating specialized career paths as organizations grapple with novel vulnerabilities, regulatory requirements, and cross-functional demands.

Online portal exposed car and personal data, allowed anyone to remotely unlock cars

A carmaker has been found to be open to leaking vehicle data and customer information through their dealership portal.

What Does Palantir Actually Do?

Palantir is often called a data broker, a data miner, or a giant database of personal information. In reality, it’s none of these—but even former employees struggle to explain it.

Chinese Groups Stole 115 Million US Cards in 16-Month Smishing Campaign

A SecAlliance report reveals Chinese smishing syndicates compromised 115M US payment cards by bypassing MFA to exploit Apple Pay and Google Wallet.

Fake VPN and Spam Blocker Apps Tied to VexTrio Used in Ad Fraud, Subscription Scams

The malicious ad tech purveyor known as VexTrio Viper has been observed developing several malicious apps that have been published on Apple and Google's official app storefronts under the guise of seemingly useful applications. These apps masquerade as VPNs, device "monitoring" apps, RAM cleaners, dating services, and spam blockers, DNS threat intelligence firm Infoblox said in an exhaustive

Weight loss scams, or why ‘Jodie Foster’ wants me to lose weight

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

What to Know About Traveling to China for Business

Recent developments and an escalating trade war have made travel to cities like Beijing challenging but by no means impossible.

A week in security (July 28 – August 3)

A list of topics we covered in the week of July 28 to August 3 of 2025