Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More

The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive. Hackers don’t always break systems anymore — they use them. They hide inside trusted apps, copy real websites, and trick people into giving up control

The Hacker News
Open in Source
#vulnerability#web#ios#android#mac#windows#apple#google#microsoft#amazon#linux#git#java#intel#ldap#aws#bios#auth#ibm#sap#wifi#The Hacker News
TikTok scam sells you access to your own fake money

We dive into the “last goodbye” messages sent via TikTok that lead victims to a crypto paywall scam.

How Attackers Bypass Synced Passkeys

TLDR Even if you take nothing else away from this piece, if your organization is evaluating passkey deployments, it is insecure to deploy synced passkeys. Synced passkeys inherit the risk of the cloud accounts and recovery processes that protect them, which creates material enterprise exposure. Adversary-in-the-middle (AiTM) kits can force authentication fallbacks that circumvent strong

AI-driven scams are preying on Gen Z’s digital lives​

Gone are the days when extortion was only the plot line of crime dramas—today, these threatening tactics target anyone with a smartphone, especially Gen Z.

Pixel-stealing “Pixnapping” attack targets Android devices

Imagine if a rogue app could glimpse tiny bits of your screen—even the parts you thought were secure, like your 2FA codes.

RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing

Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack, per ETH Zürich researchers Benedict Schlüter and Shweta Shinde, exploits AMD's incomplete protections that make it possible to perform a single memory

3 Best VPN for iPhone (2025), Tested and Reviewed

There are dozens of iPhone VPNs at your disposal, but these are the services that will actually keep your browsing safe.

What AI Reveals About Web Applications— and Why It Matters

Before an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your GitHub repos. These are all clues that help them understand how your systems behave. AI is significantly accelerating reconnaissance and enabling attackers to map your

Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking and crypto credentials from users across Latin America.