#apple

Apple on Tuesday revealed a new security feature called Memory Integrity Enforcement (MIE) that's built into its newly introduced iPhone models, including iPhone 17 and iPhone Air. MIE, per the tech giant, offers "always-on memory safety protection" across critical attack surfaces such as the kernel and over 70 userland processes without sacrificing device performance by designing its A19 and

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

Phishers are abusing Apple and Microsoft infrastructure to send out call-back phishing emails with legitimate sender and return addresses.

Cybersecurity never slows down. Every week brings new threats, new vulnerabilities, and new lessons for defenders. For security and IT teams, the challenge is not just keeping up with the news—it’s knowing which risks matter most right now. That’s what this digest is here for: a clear, simple briefing to help you focus where it counts. This week, one story stands out above the rest: the

A hacker cracked into a database of video recordings taken from Nexar-branded cameras, which are built to be placed drivers’ cars,...

Cybersecurity researchers have flagged a new malware campaign that has leveraged Scalable Vector Graphics (SVG) files as part of phishing attacks impersonating the Colombian judicial system. The SVG files, according to VirusTotal, are distributed via email and designed to execute an embedded JavaScript payload, which then decodes and injects a Base64-encoded HTML phishing page masquerading as a

### Summary A Use-After-Free (UAF) vulnerability has been discovered in the Sdf_PathNode module of the Pixar OpenUSD library. This issue occurs during the deletion of the Sdf_PrimPathNode object in multi-threaded environments, where freed memory is accessed. This results in segmentation faults or bus errors, allowing attackers to potentially exploit the vulnerability for remote code execution (RCE). By using a specially crafted .usd file, an attacker could gain control of the affected system. The vulnerability has been confirmed in multiple OpenUSD tools, including sdfdump, usdtree, usdcat, and sdffilter. ### Patches This is fixed with [commit 0d74f31](https://github.com/PixarAnimationStudios/OpenUSD/commit/0d74f31fe64310791e274e587c9926335e9db9db), with the fix available in OpenUSD 25.08 and onwards. ### Details The issue is a Use-After-Free vulnerability in the Sdf_PathNode destruction process, specifically in Sdf_PrimPathNode::~Sdf_PrimPathNode(). When multiple threads attempt to...

Bill takes thoughtful look at the transition from summer camp to grind season, explores the importance of mental health and reflects on AI psychiatry.

CISA updates its KEV List with TP-Link Wi-Fi extender and WhatsApp spyware flaws, urging users and agencies to…

A "sophisticated" attack that also exploits an Apple zero-day flaw is targeting a specific group of iPhone users, potentially with spyware.