Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

VPN use rises following Online Safety Act’s age verification controls

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

Malwarebytes
Open in Source
#web#ios#android#git
VPN use rises following Online Safety Act’s age verification controls

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

Apple patches multiple vulnerabilities in iOS and iPadOS. Update now!

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you're interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here's where and how to find us.

New Choicejacking Attack Steals Data from Phones via Public Chargers

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.

Cybercriminals Use Fake Apps to Steal Data and Blackmail Users Across Asia’s Mobile Networks

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data. The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus. "This extensive campaign involved

Age Verification Laws Send VPN Use Soaring—and Threaten the Open Internet

A law requiring UK internet users to verify their age to access adult content has led to a huge surge in VPN downloads—and has experts worried about the future of free expression online.

How Microsoft defends against indirect prompt injection attacks

Summary The growing adoption of large language models (LLMs) in enterprise workflows has introduced a new class of adversarial techniques: indirect prompt injection. Indirect prompt injection can be used against systems that leverage large language models (LLMs) to process untrusted data. Fundamentally, the risk is that an attacker could provide specially crafted data that the LLM misinterprets as instructions.

GHSA-9952-gv64-x94c: CodeIgniter4's ImageMagick Handler has Command Injection Vulnerability

### Impact This vulnerability affects applications that: * Use the ImageMagick handler for image processing (`imagick` as the image library) * **AND** either: * Allow file uploads with user-controlled filenames and process uploaded images using the `resize()` method * **OR** use the `text()` method with user-controlled text content or options An attacker can: * Upload a file with a malicious filename containing shell metacharacters that get executed when the image is processed * **OR** provide malicious text content or options that get executed when adding text to images ### Patches Upgrade to v4.6.2 or later. ### Workarounds * **Switch to the GD image handler** (`gd`, the default handler), which is not affected by either vulnerability * **For file upload scenarios**: Instead of using user-provided filenames, generate random names to eliminate the attack vector with `getRandomName()` when using the `move()` method, or use the `store()` method, which automatically generates safe ...

iPhone vs. Android: iPhone users more reckless, less protected online

Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.