Security
Headlines
HeadlinesLatestCVEs

Tag

#apple

Trump Administration and Big Tech want you to share your health data

The Trump Administration is working with 60 companies on a plan to have Americans voluntarily upload their healthcare and medical data.

Malwarebytes
Open in Source
#apple#google#amazon#git#intel
Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

GHSA-3wwm-hjv7-23r3: Pyload log Injection via API /json/add_package in add_name parameter

### Summary A log injection vulnerability was identified in `pyload` in API `/json/add_package`. This vulnerability allows user with add packages permission to inject arbitrary messages into the logs gathered by `pyload`. ### Details `pyload` will generate a log entry when creating new package using API `/json/add_package`. This entry will be in the form of `Added package 'NAME_OF_PACKAGE' containing 'NUMBER_OF_LINKS' links`. However, when supplied with the name of new package containing a newline, this newline is not properly escaped. Newlines are also the delimiter between log entries. This allows the attacker to inject new log entries into the log file. ### PoC Run `pyload` in the default configuration by running the following command ``` pyload ``` We can now sign in as the pyload user who at least have add packages permissions. In my example, I will use the admin account to demonstrate this vulnerability. Now as an admin user, view the logs at `http://localhost:8000/logs` <img wi...

Chinese Firms Linked to Silk Typhoon Filed 15+ Patents for Cyber Espionage Tools

Chinese companies linked to the state-sponsored hacking group known as Silk Typhoon (aka Hafnium) have been identified as behind over a dozen technology patents, shedding light on the shadowy cyber contracting ecosystem and its offensive capabilities. The patents cover forensics and intrusion tools that enable encrypted endpoint data collection, Apple device forensics, and remote access to

Apple Patches Safari Vulnerability Also Exploited as Zero-Day in Google Chrome

Apple on Tuesday released security updates for its entire software portfolio, including a fix for a vulnerability that Google said was exploited as a zero-day in the Chrome web browser earlier this month. The vulnerability, tracked as CVE-2025-6558 (CVSS score: 8.8), is an incorrect validation of untrusted input in the browser's ANGLE and GPU components that could result in a sandbox escape via

How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.

How the FBI got everything it wanted (re-air) (Lock and Code S06E15)

This week on the Lock and Code podcast, we revisit an interview with Joseph Cox about the largest FBI sting operation ever carried out.

Age Verification Laws Send VPN Use Soaring—and Threaten the Open Internet

A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads—and has experts worried about the future of free expression online.

Insurance Giant Allianz Life Grapples With Breach Affecting 'Majority' of Customers

The company has yet to report an exact number of how many individuals were impacted by the breach and plans to start the notification process around Aug. 1.

macOS Sploitlight Flaw Exposes Apple Intelligence-Cached Data to Attackers

macOS flaw dubbed Sploitlight allows attackers to access Apple Intelligence-cached data by abusing Spotlight plugins, bypassing privacy controls.