#mac

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the

JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. ### Reproduction Setup versity server running on port 7071, no SSL (for ease of packet tracing with tshark). Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070. This does have to be SSL enabled for the repro to occur. nginx config: ``` upstream tony_versity { server 127.0.0.1:7071; keepalive 15; } server { listen 7070 ssl ; access_log /var/log/nginx/tony_versity_proxy.access.log; error_log /var/log/nginx/tony_versity_proxy.error.log; # Allow any size file to be uploaded. client_max_body_size 0; # Allow special characters in headers ignore_invalid_headers off; # Disable buffering proxy_buffering off; proxy_request_buffering off; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; ssl_certificate "/WS/TEMP/lh.crt"; ss...

CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must…

A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…

Make sure your Chrome browser is updated to the latest version to stay protected.

Email has always been a double-edged sword in the world of business. On one hand, it’s the fastest,…

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux…

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in

## Summary Malicious versions of the [`nx` package](https://www.npmjs.com/package/nx), as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. ## Affected Versions of `nx` - 21.5.0 - Published at 6:32 PM - 20.9.0 - 20.10.0 - 21.6.0 - 20.11.0 - 21.7.0 - 21.8.0 - 20.12.0 - Published at 8:37 PM These versions have since been removed from NPM as of 10:44 PM EDT ## Affected Versions of `@nx/devkit`, `@nx/js`, `@nx/workspace`, `@nx/node` - 21.5.0 - Published at 6:32 PM - 20.9.0 - Published at 8:42 PM ## Affected Versions of `@nx/eslint` - 21.5.0 - Published at 6:32 PM These versions have since been removed from NPM as of 10:44 PM EDT ## Affected Versions of `@nx/key` and `@nx/enterprise-cloud` - 3.2.0 only - Published at 6:32 PM These versions have since been removed from NPM as of 6:20 AM EDT ## Attack Vector At this time, we bel...