#ios

ChatGPT o3 resists shutdown despite explicit instructions, raising fresh concerns over AI safety, alignment, and reinforcement learning behaviors.

### Impact This is a prototype pollution vulnerability. It impacts users of the `set` function within the Radashi library. If an attacker can control parts of the `path` argument to the `set` function, they could potentially modify the prototype of all objects in the JavaScript runtime, leading to unexpected behavior, denial of service, or even remote code execution in some specific scenarios. ### Patches The vulnerability has been patched in commit [`8147abc8cfc3cfe9b9a17cd389076a5d97235a66`](https://github.com/radashi-org/radashi/commit/8147abc8cfc3cfe9b9a17cd389076a5d97235a66). Users should upgrade to a version of Radashi that includes this commit. The fix utilizes a new helper function, `isDangerousKey`, to prevent the use of `__proto__`, `prototype`, or `constructor` as keys in the path, throwing an error if any are encountered. This check is bypassed for objects with a `null` prototype. ### Workarounds Users on older versions can mitigate this vulnerability by sanitizing the...

Talos has observed exploitation of CVE-2025-0994 in the wild by UAT-6382, a Chinese-speaking threat actor, who then deployed malware payloads via TetraLoader.

The new major release of Red Hat Enterprise Linux (RHEL) brings a number of important improvements in the confidential computing domain. This article covers the most important features available now in both RHEL 10 and RHEL 9.6: Full support for RHEL Unified Kernel Image (UKI), including FIPS and kdump supportIntel Trusted Domain Extension (TDX) guestsTrustee attestation clientFull support for RHEL Unified Kernel Image (UKI)First introduced in RHEL9.2 as a Technology Preview, UKI for RHEL is a UEFI Portable Executable (PE) binary containing the Linux kernel, initramfs, and kernel command line.

### Problem The backend user management interface allows password changes without requiring the current password. When an administrator updates their own account or modifies other user accounts via the admin interface, the current password is not requested for verification. This behavior may lower the protection against unauthorized access in scenarios where an admin session is hijacked or left unattended, as it enables password changes without additional authentication. ### Solution Update to TYPO3 versions 9.5.51 ELTS, 10.4.50 ELTS, 11.5.44 ELTS, 12.4.31 LTS, 13.4.12 LTS that fix the problem described. > [!NOTE] > In these versions, administrators are required to verify their identity through step-up authentication (also known as sudo mode) when changing backend user passwords. ### Credits Thanks to the National Cyber Security Center (NCSC) of Switzerland for reporting this issue, and to TYPO3 core & security team member Benjamin Franzke for fixing it.

A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…

Coinbase insider breach: Bribed overseas agents stole user data; company rejects ransom, offers $20M reward, boosts security, and…

Reddit Struggles After Google's New Focus on Expertise

Credential protection is key to preventing breaches. Secure APIs, rotate secrets and train devs to handle credentials safely…

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Devices Vulnerabilities: Insufficiently Protected Credentials, Out-of-bounds Write 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve LDAP credentials via modifying the LDAP server IP address in the FortiOS configuration to point to a malicious attacker-controlled server or cause a denial-of-service condition. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Siemens reports that the following products are affected: RUGGEDCOM APE1808: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 INSUFFICIENT...