#mac

On Wednesday morning, Poland shot down several Russian drones that entered its airspace—a first since Moscow’s invasion of Ukraine. The incident disrupted air travel and set the region on edge.

Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned to a malware

This scammy text pretends to come from a doctor and says a weight-loss medication prescription has been approved.

With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols.

Microsoft on Tuesday addressed a set of 80 security flaws in its software, including one vulnerability that has been disclosed as publicly known at the time of release. Of the 80 vulnerabilities, eight are rated Critical and 72 are rated Important in severity. None of the shortcomings has been exploited in the wild as a zero-day. Like last month, 38 of the disclosed flaws are related to

The House Select Committee on China has formally issued an advisory warning of an "ongoing" series of highly targeted cyber espionage campaigns linked to the People's Republic of China (PRC) amid contentious U.S.–China trade talks. "These campaigns seek to compromise organizations and individuals involved in U.S.-China trade policy and diplomacy, including U.S. government agencies, U.S. business

>To prevent this report from being deemed inapplicable or out of scope, due to the project's unique nature (for medical applications) and widespread popularity (6k+ stars), it's important to pay attention to some of the project's inherent security issues. (This is because medical professionals may not pay enough attention to security issues when using this project, leading to attacks on services or local machines.) ### Summary The ```pickle_operations``` function in ```monai/data/utils.py``` automatically handles dictionary key-value pairs ending with a specific suffix and deserializes them using pickle.loads() . This function also lacks any security measures. When verified using the following proof-of-concept, arbitrary code execution can occur. ``` #Poc from monai.data.utils import pickle_operations import pickle import subprocess class MaliciousPayload: def __reduce__(self): return (subprocess.call, (['touch', '/tmp/hacker1.txt'],)) malicious_data...

Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.

After 25 years at the Electronic Frontier Foundation, Cindy Cohn is stepping down as executive director. In a WIRED interview, she reflects on encryption, AI, and why she’s not ready to quit the battle.

### Summary Any HTML files on the machine were served regardless of the `server.fs` settings. ### Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network (using --host or [server.host config option](https://vitejs.dev/config/server-options.html#server-host)) - `appType: 'spa'` (default) or `appType: 'mpa'` is used This vulnerability also affects the preview server. The preview server allowed HTML files not under the output directory to be served. ### Details The [serveStaticMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L123) function is in charge of serving static files from the server. It returns the [viteServeStaticMiddleware](https://github.com/vitejs/vite/blob/9719497adec4ad5ead21cafa19a324bb1d480194/packages/vite/src/node/server/middlewares/static.ts#L136) function which runs the needed tests and serves the page. The...