#mac

Make sure your Chrome browser is updated to the latest version to stay protected.

Email has always been a double-edged sword in the world of business. On one hand, it’s the fastest,…

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux…

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in

## Summary Malicious versions of the [`nx` package](https://www.npmjs.com/package/nx), as well as some supporting plugin packages, were published to npm, containing code that scans the file system, collects credentials, and posts them to GitHub as a repo under user's accounts. ## Affected Versions of `nx` - 21.5.0 - Published at 6:32 PM - 20.9.0 - 20.10.0 - 21.6.0 - 20.11.0 - 21.7.0 - 21.8.0 - 20.12.0 - Published at 8:37 PM These versions have since been removed from NPM as of 10:44 PM EDT ## Affected Versions of `@nx/devkit`, `@nx/js`, `@nx/workspace`, `@nx/node` - 21.5.0 - Published at 6:32 PM - 20.9.0 - Published at 8:42 PM ## Affected Versions of `@nx/eslint` - 21.5.0 - Published at 6:32 PM These versions have since been removed from NPM as of 10:44 PM EDT ## Affected Versions of `@nx/key` and `@nx/enterprise-cloud` - 3.2.0 only - Published at 6:32 PM These versions have since been removed from NPM as of 6:20 AM EDT ## Attack Vector At this time, we bel...

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious…

Cybercriminals are increasingly using generative AI tools to fuel their attacks, with new research finding instances of AI being used to develop ransomware.

The next chapter of the Microsoft Security Response Center’s (MSRC) BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 14, 2025. Now in its third decade, BlueHat is more than a conference, it’s a community.

The next chapter of the Microsoft Security Response Center’s (MSRC) BlueHat security conference is fast approaching. BlueHat Asia 2025 will take place in Bengaluru, India, on November 5 – 6, 2025 and the Call for Papers is now open. Submissions will be accepted through September 5, 2025. Now in its third decade, BlueHat is more than a conference, it’s a community.

## Summary A 32-bit integer overflow in the BMP encoder’s scanline-stride computation collapses `bytes_per_line` (stride) to a tiny value while the per-row writer still emits `3 × width` bytes for 24-bpp images. The row base pointer advances using the (overflowed) stride, so the first row immediately writes past its slot and into adjacent heap memory with attacker-controlled bytes. This is a classic, powerful primitive for heap corruption in common auto-convert pipelines. - **Impact:** Attacker-controlled heap out-of-bounds (OOB) write during conversion **to BMP**. - **Surface:** Typical upload → normalize/thumbnail → `magick ... out.bmp` workers. - **32-bit:** **Vulnerable** (reproduced with ASan). - **64-bit:** Safe from this specific integer overflow (IOF) by arithmetic, but still add product/size guards. - **Proposed severity:** **Critical 9.8** (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). --- ## Scope & Affected Builds - **Project:** ImageMagick (B...