#mac

On December 16, 2025, Red Hat announced the acquisition of Chatterbox Labs, a pioneer in model-agnostic AI safety and generative AI (gen AI) guardrails.The following questions and answers provide additional context on the acquisition and what it means for Red Hat customers and partners.The AnnouncementWhat is the news? Red Hat announced on December 16, 2025, that it has acquired Chatterbox Labs, a private company founded in 2011 that provides model testing and gen AI guardrails. Chatterbox Labs technology, known as the AIMI platform, delivers quantitative AI risk metrics to help organizations

New report by Unit 42 reveals the Hamas-linked Ashen Lepus (WIRTE) group is using the AshTag malware suite to target Middle Eastern diplomatic and government entities with advanced, hidden tactics.

If you use a smartphone, browse the web, or unzip files on your computer, you are in the crosshairs this week. Hackers are currently exploiting critical flaws in the daily software we all rely on—and in some cases, they started attacking before a fix was even ready. Below, we list the urgent updates you need to install right now to stop these active threats. ⚡ Threat of the Week Apple and

In early December 2025, security researchers exposed a cybercrime campaign that had quietly hijacked popular Chrome and Edge browser extensions on a massive scale. A threat group dubbed ShadyPanda spent seven years playing the long game, publishing or acquiring harmless extensions, letting them run clean for years to build trust and gain millions of installs, then suddenly flipping them into

The pro-Russian hacktivist group known as CyberVolk (aka GLORIAMIST) has resurfaced with a new ransomware-as-a-service (RaaS) offering called VolkLocker that suffers from implementation lapses in test artifacts, allowing users to decrypt files without paying an extortion fee. According to SentinelOne, VolkLocker (aka CyberVolk 2.x) emerged in August 2025 and is capable of targeting both Windows

In the last article, we discussed how integrating AI into business-critical systems opens up enterprises to a new set of risks with AI security and AI safety. Rather than reinventing the wheel or relying on fragmented, improvised approaches, organizations should build on established standards and best practices to stay ahead of cybercriminals and other adversaries.To manage these challenges, enterprises need to adopt a formal approach by using a set of frameworks that map AI threats, define controls, and guide responsible adoption. In this article, we’ll explore the evolving AI security and

Apple on Friday released security updates for iOS, iPadOS, macOS, tvOS, watchOS, visionOS, and its Safari web browser to address two security flaws that it said have been exploited in the wild, one of which is the same flaw that was patched by Google in Chrome earlier this week. The vulnerabilities are listed below - CVE-2025-43529 (CVSS score: N/A) - A use-after-free vulnerability in WebKit

### Impact The APIVersion rule uses `new Function()` to evaluate expression strings. A malicious crafted flow metadata file can cause arbitrary JavaScript execution during scanning. An attacker could execute arbitrary JavaScript during a scan by supplying a malicious expression within rule configuration or crafted flow metadata. This could compromise developer machines, CI runners, or editor environments. ### Patches The patch removes all uses of `new Function()` and replaces them with a safer parser. It now validates operators (`>`, >=`, `<`, `<=`, `==`) and performs numeric comparisons without evaluating untrusted JavaScript. **version:** core-v6.10.6, **version vsx:**: v2.4.4 ### Work around ``` // --- Handle APIVersion rule separately to avoid unsafe-eval in the core library --- const apiVersionConfig = ruleConfig.rules.APIVersion; if (apiVersionConfig) { delete ruleConfig.rules.APIVersion; } // Manually evaluate the APIVersion rule, if it was configur...

### Summary The anti-slashing is not effective if the attacker can access EOTS manager endpoints. ### Impact If the EOTS manager endpoints are open to public without HMAC protection, the attacker can manually cause slashing of the finality provider through the RPC endpoints

Cybersecurity researchers are calling attention to a new campaign that's leveraging GitHub-hosted Python repositories to distribute a previously undocumented JavaScript-based Remote Access Trojan (RAT) dubbed PyStoreRAT. "These repositories, often themed as development utilities or OSINT tools, contain only a few lines of code responsible for silently downloading a remote HTA file and executing