#ios

2025 was an incredible year for network operations (NetOps) and Red Hat Ansible Automation Platform. To address growing network complexity, Red Hat provided the tools NetOps teams needed to implement a strategic automation approach. Through major platform releases, new partner integrations, and global events, Red Hat helped customers achieve enterprise-wide network automation with Ansible Automation Platform. Let’s take a look back at the major network automation milestones that defined the year.Key platform innovations In October, Ansible Automation Platform 2.6 launched, introducing new ca

Scammers exploited a PayPal subscriptions feature to send legitimate emails from service@paypal.com, using fake purchase notifications to push tech support scams.

If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we list the urgent updates you need to install right now to stop these active threats. ⚡ Threat of the Week Apple and

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below - CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKit

Scale software teams fast with development team augmentation. Learn when it works best, key models, common mistakes, and how to choose the right partner.

Cybersecurity researchers have documented four new phishing kits named BlackForce, GhostFrame, InboxPrime AI, and Spiderman that are capable of facilitating credential theft at scale. BlackForce, first detected in August 2025, is designed to steal credentials and perform Man-in-the-Browser (MitB) attacks to capture one-time passwords (OTPs) and bypass multi-factor authentication (MFA). The kit

The browser has become the main interface to GenAI for most enterprises: from web-based LLMs and copilots, to GenAI‑powered extensions and agentic browsers like ChatGPT Atlas. Employees are leveraging the power of GenAI to draft emails, summarize documents, work on code, and analyze data, often by copying/pasting sensitive information directly into prompts or uploading files.  Traditional

Researchers have found Android malware that holds your files and your device hostage until you pay the ransom.

Cary, North Carolina, USA, 11th December 2025, CyberNewsWire

## Summary The `download_media` method in Pyrofork does not sanitize filenames received from Telegram messages before using them in file path construction. This allows a remote attacker to write files to arbitrary locations on the filesystem by sending a specially crafted document with path traversal sequences (e.g., `../`) or absolute paths in the filename. --- ## Details When downloading media, if the user does not specify a custom filename (which is the common/default usage), the method falls back to using the `file_name` attribute from the media object. This attribute originates from Telegram's `DocumentAttributeFilename` and is controlled by the message sender. ### Vulnerable Code Path **Step 1**: In `pyrogram/methods/messages/download_media.py` (lines 145-151): ```python media_file_name = getattr(media, "file_name", "") # Value from Telegram message directory, file_name = os.path.split(file_name) # Split user's path parameter file_name = file_name or media_file_name o...