#ios

Cybersecurity researchers have called attention to a cyber attack in which unknown threat actors deployed an open-source endpoint monitoring and digital forensic tool called Velociraptor, illustrating ongoing abuse of legitimate software for malicious purposes. "In this incident, the threat actor used the tool to download and execute Visual Studio Code with the likely intention of creating a

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the

### Impact A vulnerability has been identified when using Fleet to manage Helm charts where sensitive information is passed through `BundleDeployment.Spec.Options.Helm.Values` may be stored in plain text. This can result in: 1. Unauthorized disclosure of sensitive data: Any user with `GET` or `LIST` permissions on `BundleDeployment` resources could retrieve Helm values containing credentials or other secrets. 2. Lack of encryption at rest: `BundleDeployment` is not configured for Kubernetes encryption at rest by default, causing sensitive values to remain unencrypted within the cluster datastore. This behavior differs from Helm v3’s default approach, where chart state — including values — is stored in Kubernetes secrets, benefiting from built-in protection mechanisms. In affected scenarios, credentials and other sensitive information are exposed both at rest and in responses to API calls. Please consult the associated [MITRE ATT&CK - Technique - Credentials from Password Stores](ht...

Dexter: Resurrection finale leaks in Russian dub ahead of release. Episodes 9 and 10 surface online, echoing past…

### Impact A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing. This could result in: - Denial of Service (DoS): The server process may crash or become unresponsive when memory consumption exceeds available resources. - Unauthenticated and authenticated exploitation: While the issue was initially observed in unauthenticated `/v3-public/*` endpoints, the absence of request body size limits also affected several authenticated APIs, broadening the potential attack surface. It's worth noting that other areas in Rancher do implement safeguards: requests proxied to Kubernetes APIs are subject to built-in size limits enforced by the [Kubernetes API server itself](https://github.com/kubernetes/kubernetes/blob/v1.33.4/staging/src/k8s...

Click Studios, the developer of enterprise-focused password management solution Passwordstate, said it has released security updates to address an authentication bypass vulnerability in its software. The issue, which is yet to be assigned a CVE identifier, has been addressed in Passwordstate 9.9 (Build 9972), released August 28, 2025. The Australian company said it fixed a "potential

This week, Joe encourages you to find your community in cybersecurity and make the effort to grow, network and hack stuff together.

Miami, United States, 28th August 2025, CyberNewsWire

### Impact When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation. For example, ``` java -cp /app ... Djavax.net.ssl.trustStorePassword=<Password> ``` The command with the password appears in the NeuVector security event. To prevent this, NeuVector uses the following default regular expression to detect and redact sensitive data from process commands: ``` (?i)(password|passwd|token) ``` Also, you can define custom patterns to redact by creating a Kubernetes ConfigMap. For example: ``` kubectl create configmap neuvector-custom-rules --from-file=secret-patterns.yaml -n neuvector ``` Sample `secret-patterns.yaml` content: ``` Pattern_list: - (?i)(pawd|pword) - (?i)(secret) ``` NeuVector uses the default and custom regex to decide whether the process command in a security event should be redacted. **Note:** If numerous regular expression (regex) patterns are configured in the Kubernetes ConfigMap for extended coverage ...

The FCC has disconnected over a thousand voice operators from the public telephone network for not doing their part to stop robocallers.