Tag
#apple
A list of topics we covered in the week of October 20 to October 26 of 2025
The UK’s competition watchdog says Apple’s “walled garden” gives it too much control—and may soon force it to allow rival app stores on iPhones.
The Universe Browser is believed to have been downloaded millions of times. But researchers say it behaves like malware and has links to Asia’s booming cybercrime and illegal gambling networks.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a
Chinese gangs are using US SIM farms and money mules to run industrial-scale text scams that steal and launder Americans’ card data.
A financially motivated threat actor codenamed UNC5142 has been observed abusing blockchain smart contracts as a way to facilitate the distribution of information stealers such as Atomic (AMOS), Lumma, Rhadamanthys (aka RADTHIEF), and Vidar, targeting both Windows and Apple macOS systems. "UNC5142 is characterized by its use of compromised WordPress websites and 'EtherHiding,' a technique used
The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive. Hackers don’t always break systems anymore — they use them. They hide inside trusted apps, copy real websites, and trick people into giving up control
### Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Projecta are affected if the `Mailgen.generatePlaintext(email)` method is used and passed in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli (@edoardottt). ### Details The following function (inside index.js) is intended to strip all HTML content to produce a plaintext string. ```javascript // Plaintext text e-mail generator Mailgen.prototype.generatePlaintext = function (params) { // Plaintext theme not cached? if (!this.cachedPlaintextTheme) { throw new Error('An error was encountered while loading the plaintext theme.'); } // Parse email params and get back an object with data to inject var ejsParams = this.parseParams(params); // Render the plaintext theme with ejs, injecting the data accordingly var output = ejs.render(this.cachedPlaintextTheme, ejsParams); // Definition of the <br /> tag ...
TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong
### Summary An HTML injection vulnerability in plaintext emails generated by Mailgen has been discovered. Your project is affected if you use the `Mailgen.generatePlaintext(email)` method and pass in user-generated content. The issue was discovered and reported by Edoardo Ottavianelli (@edoardottt). ### Details The following function (inside index.js) is intended to strip all HTML content to produce a plaintext string. ```javascript // Plaintext text e-mail generator Mailgen.prototype.generatePlaintext = function (params) { // Plaintext theme not cached? if (!this.cachedPlaintextTheme) { throw new Error('An error was encountered while loading the plaintext theme.'); } // Parse email params and get back an object with data to inject var ejsParams = this.parseParams(params); // Render the plaintext theme with ejs, injecting the data accordingly var output = ejs.render(this.cachedPlaintextTheme, ejsParams); // Definition of the <br /> tag ...