A Florida correctional institution leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate.

The Everglades Correctional Institution (ECI) in Miami-Dade County has leaked the names, email addresses, and telephone numbers of visitors to the facility to every inmate.

The inmates received an email last week sent by a staff member that included the personal information of the visitors. Inmates can access their emails through secure tablets or kiosks at the facility. It is unclear yet whether it was an accidental or deliberate leak.

Those affected by this data breach feel frightened and infuriated, especially the women. That reaction is perfectly understandable: Imagine discovering that someone shared your contact details with every inmate in a correctional institution.

Madeline Donate, who regularly visits her husband at the prison, told the Florida Phoenix:

> “It’s kind of disturbing when you think about it. The privacy aspect of this is concerning. This is how other inmates get information and can sometimes extort family members and things like that. It’s concerning.”

Another visitor, Jan Thompson, spoke of her fears:

> “What if there’s some inmate that doesn’t like another inmate? And he tells his family, ‘Okay, here’s his wife’s phone number. Call her and tell her if she doesn’t pay and put $500 on my book, I’m going to have her husband stabbed and killed.’ What’s stopping them from doing that?”

The way this came about demands an explanation. During the COVID-19 pandemic, a policy was introduced where visitors had to fill out an application form every time they intend to visit. Before the introduction of that policy, a visitor—once approved– could just show up during visitation hours. While the policy made sense at the time, the underlying protocols have long been discarded, but the policy was left in place.

Patrice Kelly says she had already removed most of her digital footprint from the internet after having a problem with a stalker in her immediate past. Now her personal contact information has been released to every other inmate at ECI.

She stated:

> “Unfortunately, people in Florida that are at that institution now have my information. I don’t live in Florida anymore, so that’s a good thing. It only takes somebody saying, this is where this person lives.”

Denise Rock, executive director of the prisoner advocacy group Florida Cares, said her organization’s main concern is not with the institution but the visitation process, which she said is duplicative and led to the data breach.

> “We urge the department to discontinue requiring already-approved visitors to register and release their private information each time they do so.”

The Florida Department of Corrections has not commented publicly about the incident.

**Advice**

Remaining cautious and proactive helps limit the risk of further exposure or harm resulting from this data breach. When additional details become available about how the breach occurred or what steps the Department of Corrections is taking, there might be more tailored recommendations available.

Some tips that might be helpful:

*   Be cautious when receiving any unexpected communications (calls, messages, emails) from unknown numbers or individuals who reference your personal connection to an incarcerated person. Do not engage in conversations before confirming the source through other channels.
*   If you receive any harassment, threats, or inappropriate contact from current or former inmates, notify prison authorities immediately and consider reporting to the police.
*   Reach out to the Florida Department of Corrections to request removal or restriction of your contact details from visitation records where feasible, and ask what steps they are taking to prevent further incidents.
*   Do not share further personal information. Avoid sharing additional personal details publicly on social media or online directories that could be linked to your exposed information. You can check what information is already out there about you by using our free Digital Footprint Scanner.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 Prison visitor details shared with all inmates at correctional facility 

Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.

_A special thanks to all the people at Malwarebytes and ThreatDown for sharing the text messages they received from scammers._

Many of us have received texts like these. Often super short, some flirty, some with a business tone, or sometimes just a simple ‘hello.’

You don’t know the sender, and they look like an honest mistake. But they’re not. All the messages are carefully crafted to seem plausible—so you don’t immediately feel suspicious—and short—to trigger your curiosity.

The intention of these messages are to get you to be confused enough that you will reply, perhaps by saying they have the wrong number.

Here are some of the messages our team has received recently:

**1\. The one-word text**

**2\. The “who are you again?” text**

**3\. The “tempting” text**

Sometimes these involve inviting you for fun activities on the weekend, like a BBQ or some beach time. Sometimes, it’s just a dinner suggestion:  

**4\. The business text**  

**5\. The “OMG i just woke up” text**  

These are just some examples, but we’ve seen so many more.

As soon as you reply, the scammer will initiate a friendly conversation. Their end goal will be to gain your trust and develop the relationship into a costly romance or investment scam.

From their end at least, some of my co-workers told them to go phish elsewhere.

However funny, we don’t recommend engaging with scammers in this or any other way. Here’s why:

**Why you should never respond**

*   Responding confirms your number is active.
*   It flags you as someone who reads texts and might engage.
*   The scammer may sell or share your number.
*   Some groups build long-term “mark profiles” for future scams. Even though you think you’re only providing them with little to none information, scammers often track who replies, how they reply, and how easily they engage. That data becomes part of a “mark profile”, a digital dossier on you that might include your phone number, the time of response (which suggests your schedule or time zone), and any other information you share.

**What you should do instead of replying**

*   Don’t reply, not even to be helpful. Don’t engage in conversation, even if they seem friendly.
*   Never click on links.
*   Block the number.
*   Report the message to your carrier (In the US, most carriers support forwarding spam texts to 7726).
*   Share examples (anonymized) to help others. One way to do this is to use Malwarebytes Scam Guard, which also helps you assess if a message is a scam or not.

**We don’t just report on scans—we help detect them**

Cybersecurity risks should never spread beyond a headline. If something looks dodgy to you, check if it’s a scam using Malwarebytes Scam Guard, a feature of our mobile protection products. Submit a screenshot, paste suspicious content, or share a text or phone number, and we’ll tell you if it’s a scam or legit. Download Malwarebytes Mobile Security for iOS or Android and try it today!

 That seemingly innocent text is probably a scam 

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers.
The .NET Bounty Program now offers awards up to $40,000 USD for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers.

The .NET Bounty Program now offers awards up to **$40,000 USD** for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).  

**Program scope expansion**

The .NET Bounty Program now provides broader coverage across the .NET framework. It includes:

*   All supported versions of .NET and ASP.NET
    
*   Adjacent technologies such as F#
    
*   Supported versions of ASP.NET Core for .NET Framework
    
*   Templates provided with supported versions of .NET and ASP.NET Core
    
*   GitHub Actions in the .NET and ASP.NET Core repositories
    

These updates ensure continuous security review and protection for Microsoft customers across a wider range of technologies.

**Awards structure update**

The restructured .NET Bounty Program introduces several improvements to how submissions are evaluated and rewarded. The new award tables now clearly define severity levels, specify different types of security impacts, and outline revised criteria for report quality.

**Clear severity levels:** Awards are now based on the potential impact of a vulnerability, ensuring higher-impact issues receive greater rewards.

**Aligned impact categories:** Security impact types now match those used in other Microsoft bounty programs, helping researchers understand how their submissions will be assessed.

**Defined report quality:** Submissions are rated as either “complete” or “not complete.” Only reports that include fully functional exploits qualify as “complete.” Theoretical scenarios are still considered but receive lower awards based on practical impact.

These updates promote transparency and encourage detailed, actionable submissions that help improve the security of the .NET ecosystem.

**Increased award amounts**

We’ve increased the award amounts to better reflect the complexity of discovering and exploiting vulnerabilities within .NET.

Security Impact

Report Quality

Critical

Important

Remote Code Execution

Complete

$40,000

$30,000

Not Complete

$20,000

$20,000

Elevation of Privilege

Complete

$40,000

$10,000

Not Complete

$20,000

$4,000

Security Feature Bypass

Complete

$30,000

$10,000

Not Complete

$20,000

$4,000

Remote Denial of Service

Complete

$20,000

$10,000

Not Complete

$15,000

$4,000

Spoofing or Tampering

Complete

$10,000

$5,000

Not Complete

$7,000

$3,000

Information Disclosure

Complete

$10,000

$5,000

Not Complete

$7,000

$3,000

Documentation or samples included in documentation are insecure or encourage insecurity and are not described as samples which do not take security into consideration

Complete

$10,000

$5,000

Not Complete

$7,000

$3,000

Thank you to our researchers and collaborators for your continued partnership. Your contributions are essential to strengthening the security of .NET, and we look forward to your future submissions.

Cheers,

_Madeline Eckert, MSRC and Barry Dorrans, .NET Security_

.NET Bounty Program now offers up to $40,000 in awards 

We’re excited to announce significant updates to the Microsoft .NET Bounty Program. These changes expand the program’s scope, simplify the award structure, and offer great incentives for security researchers.

The .NET Bounty Program now offers awards up to **$40,000 USD** for vulnerabilities impacting the .NET and ASP.NET Core (including Blazor and Aspire).  

**Program scope expansion**

The .NET Bounty Program now provides broader coverage across .NET. It includes:

*   All supported versions of .NET and ASP.NET
    
*   Adjacent technologies such as F#
    
*   Supported versions of ASP.NET Core for .NET Framework
    
*   Templates provided with supported versions of .NET and ASP.NET Core
    
*   GitHub Actions in the .NET and ASP.NET Core repositories
    

These updates ensure continuous security review and protection for Microsoft customers across a wider range of technologies.

**Awards structure update**

The restructured .NET Bounty Program introduces several improvements to how submissions are evaluated and rewarded. The new award tables now clearly define severity levels, specify different types of security impacts, and outline revised criteria for report quality.

**Clear severity levels:** Awards are now based on the potential impact of a vulnerability, ensuring higher-impact issues receive greater rewards.

**Aligned impact categories:** Security impact types now match those used in other Microsoft bounty programs, helping researchers understand how their submissions will be assessed.

**Defined report quality:** Submissions are rated as either “complete” or “not complete.” Only reports that include fully functional exploits qualify as “complete.” Theoretical scenarios are still considered but receive lower awards based on practical impact.

These updates promote transparency and encourage detailed, actionable submissions that help improve the security of the .NET ecosystem.

**Increased award amounts**

We’ve increased the award amounts to better reflect the complexity of discovering and exploiting vulnerabilities within .NET.

Security Impact

Report Quality

Critical

Important

Remote Code Execution

Complete

$40,000

$30,000

Not Complete

$20,000

$20,000

Elevation of Privilege

Complete

$40,000

$10,000

Not Complete

$20,000

$4,000

Security Feature Bypass

Complete

$30,000

$10,000

Not Complete

$20,000

$4,000

Remote Denial of Service

Complete

$20,000

$10,000

Not Complete

$15,000

$4,000

Spoofing or Tampering

Complete

$10,000

$5,000

Not Complete

$7,000

$3,000

Information Disclosure

Complete

$10,000

$5,000

Not Complete

$7,000

$3,000

Documentation or samples included in documentation are insecure or encourage insecurity and are not described as samples which do not take security into consideration

Complete

$10,000

$5,000

Not Complete

$7,000

$3,000

Thank you to our researchers and collaborators for your continued partnership. Your contributions are essential to strengthening the security of .NET, and we look forward to your future submissions.

Cheers,

_Madeline Eckert, MSRC and Barry Dorrans, .NET Security_

VPN use is skyrocketing across the UK as the region's Online Safety Act places age verification controls on adult websites.

As the UK’s Online Safety Act came into effect on Friday—along with its age verification controls—the use of virtual private network (VPN) services has skyrocketed by up to 20-fold across the region.

Top10VPN, which monitors VPN traffic around the world, spotted UK VPN traffic spiking 1,327% on July 25, compared to the daily average over the prior four weeks. The traffic didn’t slow down on the days following, either, increasing 1,.712% above the pre-July 25 baseline on July 26, and by almost 2,000% on July 27.

The Online Safety Act forces a variety of websites to verify a user’s age, ensuring they are 18 years old or over. This doesn’t just apply to the obvious porn sites, but to a broad array of other categories: social media, gaming, and even search. The content considered harmful under the bill isn’t just sexual either, but covers areas including suicide, self-harm, and content related to eating disorders. Sites that don’t comply risk fines or even bans in the UK.

The more stringent law means that simply checking a box saying you’re over 18 won’t cut it. Instead, the UK’s communications regulator OFCOM suggests several ways for sites to verify a person’s age:

*   Using open banking information (where a person submits information from their bank that proves their age)
*   Photo ID matching using facial recognition
*   Proving your age to your mobile operator who then approves you on the site’s behalf
*   Checking your credit card (only adult UK residents can get one)
*   Analyzing your email to see if it’s likely to have been used in an adult situation (a mortgage application, say)
*   Using digital identity services such as a digital ID wallet (the EU is working on one of these)
*   Estimating a person’s age from a selfie.

OFCOM argues that all methods must be implemented in line with UK privacy law, but it’s understandable that adult users might consider this a privacy risk. It’s also likely that some minors will want to flout the rules and access content that the government doesn’t want them to, especially given the wide scope of the law. Both these reasons are likely why VPN activity has soared since the law kicked in.

When you browse the internet directly, your computer uses an IP address that your internet service provider gives you. The site you’re browsing can use that to determine what country you’re in. A VPN is a program that connects your internet browsing device to the VPN company’s computer. That computer then serves as your jumping-off point to the internet.

Because VPN providers have networks of these computers around the world, you can pretend to be in another country of your choosing when using a VPN, meaning people often use them to bypass censorship laws. As more countries have been restricting access to adult content, they have also become a tool for internet users to dodge age protection laws.

UK Science Secretary Peter Kyle downplayed the use of VPNs in a Guardian interview yesterday, arguing that “very few children” were seeking harmful content online. Yet according to OFCOM, 8% of children between eight and 14 in the UK access online porn every month. That figure increases to almost one in five boys in that age bracket.

Kyle insisted that the government had solved up to 90% of the problem. “That 10% that’s remaining, or whatever that percentage is? We’ll go figuring it out as we move forward,” he said.

Per Wired, the Proton VPN service tweeted that its UK signups surged over 1,400%. “Unlike previous surges, this one is sustained, and is significantly higher than when France lost access to adult content,” it added.

VPN service Windscribe also tweeted a graph showing what appeared to be a massive spike in daily sign-ups on July 25.

And AdGuard also reported a spike in traffic, “Website traffic from UK users has surged by more than 60%, with visits from Android devices more than doubling and iOS traffic up by nearly 100%,” it said. “VPN installs in the UK have also grown by 2.5 times, and we’re seeing a clear increase in traffic from keyword searches—a significant share of which is related to adult content.”

Kyle told the Guardian that he was not going to ban VPNs, but that he would be looking “very closely” at how they are being used.

 VPN use rises following Online Safety Act’s age verification controls 

Apple has released important security updates for iOS and iPadOS patching 29 vulnerabilities, mostly in WebKit.

Apple released a security update for iOS and iPadOS to patch multiple vulnerabilities, including one that could leak sensitive information when visiting a malicious website and one that allows an attacker to display false information in the address bar.

In total, 29 vulnerabilities were patched, most of them in WebKit, Apple’s web rendering engine that powers Safari and renders webpages in other apps.

The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later.

To check if you’re using the latest software version, go to Settings > General > Software Update. You want to be on iOS 18.6 or iPadOS 18.6, so update now if you’re not. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

update now

Apple has also released updates for macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7, watchOS 11.6, and tvOS 18.6.

**Technical details**

Here we will discuss some of the vulnerabilities that Apple patched in this update.

CVE-2025-31229: A logic issue might disclose your passcode by the VoiceOver reading it aloud. VoiceOver is a gesture-based screen reader which allows people to use an iPhone even if they can’t see the screen.

CVE-2025-43217: Devices may fail to display the privacy indicators when apps access the microphone or camera, which could prevent users from being notified about this usage.

CVE-2025-43227: Visiting a specially crafted malicious website can expose your sensitive information; while Apple has not specified the exact types, data handled by the browser (for example, cookies, authentication tokens, browsing history, and other personal information), could be at risk.

CVE-2025-43228: Visiting a malicious website may lead to address bar spoofing. “Address bar spoofing” is when a website tricks your web browser into showing a fake or misleading website address (URL) in the address bar, at the top of your browser window, instead of the website you’re actually visiting. This means what you see in the address bar looks like a trustworthy site (for example, your bank or a popular service), but in reality, you’re on a different, potentially dangerous site controlled by an attacker.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Apple patches multiple vulnerabilities in iOS and iPadOS. Update now! 

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you're interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here's where and how to find us.

Wednesday, July 30, 2025 06:00

Cisco Talos is back at Black Hat with new research, threat detection overviews and opportunities to connect with our team. Whether you're interested in what we’re seeing in the threat landscape, detection engineering or real-world incident response, here's where and how to find us: 

**Visit us at the Cisco booth: 2726 **

We’ll have short, 15-minute booth talks throughout Wednesday and Thursday of Black Hat, with topics including: 

*   Talos Vulnerability Discovery Year in Review 
*   How to: Threat Intel 
*   Full Metal SnortML: Accelerating Machine Learning based Firewalls with FPGAs 
*   From CVE to Detection: A Rule Writer's Journey Through Modern Threats 

We also have these sessions as part of the wider conference agenda: 

**Lunch & Learn: Backdoors & Breaches **

**Lagoon KL, Level 2 | Wednesday, Aug 6, 12:05–1:30 PM**    
**Speaker: Joe Marshall** 

Join Joe and members of Talos as we discuss and develop incident response plans in real-time. We’ll use real scenarios over a game of Backdoors & Breaches, an incident response card game developed by Black Hills Information Security. Members from Talos Threat Intelligence will lead tables through the game over lunch and discuss recent threat trends. 

**Reserve your spot here** 

**Mandalay Bay I | Wednesday, Aug 6, 11:20–12:10 PM**    
**Speaker: Nick Biasini** 

Nick will explore how generative AI is shaping today’s threat landscape, from attackers using AI to enhance operations, to malware posing as AI tools, to efforts targeting the models themselves. The session will also cover how organizations can safely adopt GAI while defending against its misuse. 

**Learn more here** 

**Threat Briefing: ReVault! Compromised by Your Secure SoC **

**Oceanside C, Level 2 |  Wednesday, Aug 6, 10:20–11:00 AM**   
**Speaker: Philippe Laulheret** 

This talk introduces ReVault, a vulnerability affecting a widely used embedded security chip. Philippe will demonstrate how a low-privilege user can exploit the flaw to extract sensitive data, gain persistence at the firmware level, and compromise the host system.  

Learn more here 

**Visit the Splunk Booth: Threat Hunters Cookbook Launch **

**Splunk Booth 3046**

Our colleagues at Splunk will be launching their brand new _Threat Hunters Cookbook_ in hard copy. We’ve had a sneak preview, and trust us, this is a brilliant resource for those who want to use modelling and machine learning to conduct threat hunts that really get the best out of your efforts.  

If you're at the show, we’d love to hear what you’re working on, so stop by the Cisco booth (and grab yourself a Snorty while you’re at it). See you in Vegas!

Cisco Talos at Black Hat 2025: Briefings, booth talks and what to expect

Choicejacking is a new USB attack that tricks phones into sharing data at public charging stations, bypassing security prompts in milliseconds.

If you thought using a public phone charger was safe, it’s time to think again. Despite years of updates aimed at protecting smartphones from “juice jacking” attacks, cybersecurity researchers have identified a new threat that sidesteps those very safeguards.

A new study now outlines how attackers are now using a method called Choicejacking to exploit smartphones into granting unauthorised access, often without the user realising anything happened.

****From Juice Jacking to Choicejacking****

Juice jacking first made headlines over a decade ago, when hackers used infected charging stations to either steal data or inject malware into connected phones. In response, smartphone operating systems began requiring users to approve any data transfer when a device is plugged into an unknown port. That change gave users the option to choose “charge only” or allow file access.

But researchers from Graz University of Technology in Austria have found a way (PDF) to sidestep those security prompts altogether. The technique tricks phones into thinking the user has allowed data transfer, even when they haven’t touched the screen.

****How Choicejacking Works****

Instead of relying on traditional malware, this attack spoofs USB or Bluetooth input devices to fake user actions. A malicious charging station could simulate keyboard inputs, overflow input buffers, or abuse device communication protocols to quietly switch your phone into data-transfer or debug mode.

The entire process takes less than 133 milliseconds. That’s faster than you can blink, meaning the phone reacts before you even have a chance to notice.

Adrianus Warmenhoven, a cybersecurity advisor at NordVPN, said the danger lies in the illusion of control. “Choicejacking is particularly dangerous because it manipulates a device into making decisions users never intended, all without them realising it,” he explained.

Once access is granted, the attacker can quietly browse photos, read messages, or plant malicious software.

Attack flow (Image via Graz University of Technology)

****Public Ports Aren’t Worth the Risk****

The rise of choicejacking reinforces what cybersecurity experts have said for years: public USB ports should not be trusted. Even at airports, hotels, or cafés, a compromised charger could be waiting to hijack your device.

Warmenhoven adds, “With a single deceptive prompt, attackers can trick people into enabling data transfer, potentially exposing personal files and other sensitive data.”

That warning applies to both Android and iOS users. While some platforms offer more visible prompts or charge-only settings, the underlying vulnerabilities still exist, and attackers are always looking for ways to get around them.

While the Choicejacking technique was detailed in a research paper, it has been accepted for presentation at the 34th USENIX Security Symposium, taking place in August 2025.

****What You Can Do to Stay Safe****

Nevertheless, researchers suggest keeping your phone’s software updated and avoiding unfamiliar charging ports whenever you can. It also helps to be prepared. Carrying a portable power bank is one of the easiest ways to stay in control while you’re out. If you do need to plug in, try to use a wall outlet with your own cable and adapter instead of a public USB port, especially ones that look suspicious or overly complicated.

Some devices let you select “charge only” mode, which prevents any data from being transferred. Turn that on if it’s available. While attackers keep finding new tricks, staying cautious and informed can still keep you a step ahead.

New Choicejacking Attack Steals Data from Phones via Public Chargers

Cybersecurity researchers have discovered a new, large-scale mobile malware campaign that's targeting Android and iOS platforms with fake dating, social networking, cloud storage, and car service apps to steal sensitive personal data.
The cross-platform threat has been codenamed SarangTrap by Zimperium zLabs. Users in South Korea appear to be the primary focus.
"This extensive campaign involved

Tag

#ios