Security
Headlines
HeadlinesLatestCVEs

Tag

#ios

Famous Chollima deploying Python version of GolangGhost RAT

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

TALOS
Open in Source
#web#ios#mac#windows#linux#cisco#git#intel#backdoor#auth#chrome
WhatsApp to start targeting you with ads

WhatsApp has announced it will start showing its users targeted ads. Will this be yet another Meta "Pay or OK" choice?

Rapid Rebuild Hackathon 2025: When Legacy Meets Innovation

Consider this: Berkshire Hathaway, Warren Buffett’s $700 billion conglomerate, operates one of the most influential investor websites on…

GHSA-5qpg-rh4j-qp35: pycares has a Use-After-Free Vulnerability

## Summary pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. ## Details ### Root Cause The vulnerability stems from improper handling of callback references when the Channel object is destroyed: 1. When a DNS query is initiated, pycares stores a callback reference using `ffi.new_handle()` 2. If the Channel object is garbage collected while queries are pending, the callback references become invalid 3. When c-ares attempts to invoke the callback, it accesses freed memory, causing a fatal error This issue was much more likely to occur when using `event_thread=True` but could happen without it under the right circumstances. ### Technical Details The core issue is a race condition between Python's garbage collector and c-ares's callback execution: 1. When `__del__` is called from within a c-ares callback context, we cannot immedi...

How to Monetize Unity Apps: Best Practices

Unity is one of the most popular game engines for mobile and cross-platform app development. It powers millions…

RFK Jr. Orders HHS to Give Undocumented Migrants’ Medicaid Data to DHS

Plus: Spyware is found on two Italian journalists’ phones, Ukraine claims to have hacked a Russian aircraft maker, police take down major infostealer infrastructure, and more.

'No Kings’ Protests, Citizen-Run ICE Trackers Trigger Intelligence Warnings

Army intelligence analysts are monitoring civilian-made ICE tracking tools, treating them as potential threats, as immigration protests spread nationwide.

Here’s What Marines and the National Guard Can (and Can’t) Do at LA Protests

Pentagon rules sharply limit US Marines and National Guard activity in Los Angeles, prohibiting arrests, surveillance, and other customary police work.

Apple Zero-Click Flaw in Messages Exploited to Spy on Journalists Using Paragon Spyware

Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks. The vulnerability, tracked as CVE-2025-43200, was addressed on February 10, 2025, as part of iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1,

How to Protest Safely in the Age of Surveillance

Law enforcement has more tools than ever to track your movements and access your communications. Here’s how to protect your privacy if you plan to protest.