Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Google’s Advanced Protection for Vulnerable Users Comes to Android

A new extra-secure mode for Android 16 will let at-risk users lock their devices down.

Wired
Open in Source
#vulnerability#web#ios#android#mac#apple#google#microsoft#git#java#buffer_overflow#chrome
Malicious npm Packages Infect 3,200+ Cursor Users With Backdoor, Steal Credentials

Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's

WhatsApp hack: Meta wins payout over NSO Group spyware

Meta has won almost $170m in damages from Israel-based NSO Group, maker of the Pegasus spyware.

GHSA-x39x-9qw5-ghrf: Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL

### Summary During a manual source code review, [**ARIMLABS.AI**](https://arimlabs.ai) researchers identified that the `browser_use` module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can be bypassed, leading to severe security implications. ### Details **File:** `browser_use/browser/context.py` The `BrowserContextConfig` class defines an `allowed_domains` list, which is intended to limit accessible domains. This list is checked in the `_is_url_allowed()` method before navigation: ```python @dataclass class BrowserContextConfig: """ [STRIPPED] """ cookies_file: str | None = None minimum_wait_page_load_time: float = 0.5 wait_for_network_idle_page_load_time: float = 1 maximum_wait_page_load_time: float = 5 wait_between_actions: float = 1 disable_security: bool = True browser_window_size: Browse...

Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi

Cybersecurity researchers have disclosed a series of now-patched security vulnerabilities in Apple's AirPlay protocol that, if successfully exploited, could enable an attacker to take over susceptible devices supporting the proprietary wireless technology. The shortcomings have been collectively codenamed AirBorne by Israeli cybersecurity company Oligo. "These vulnerabilities can be chained by

Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US

The open source software easyjson is used by the US government and American companies. But its ties to Russia’s VK, whose CEO has been sanctioned, have researchers sounding the alarm.

A week in security (April 27 – May 3)

A list of topics we covered in the week of April 27 to May 3 of 2025

Billions of Apple Devices at Risk from “AirBorne” AirPlay Vulnerabilities

Oligo Security uncovers “AirBorne,” a set of 23 vulnerabilities in Apple AirPlay affecting billions of devices. Learn how…

Hacking Spree Hits UK Retail Giants

Plus: France blames Russia for a series of cyberattacks, the US is taking steps to crack down on a gray market allegedly used by scammers, and Microsoft pushes the password one step closer to death.

Understanding the challenges of securing an NGO

Joe talks about how helping the helpers can put a fire in you and the importance of keeping nonprofits cybersecure.