#mac

## Summary An inconsistency in `OperatorFuncNode` can be exploited to hide the execution of untrusted `operator.xxx` methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. **Note:** This report focuses on `operator.call` as it appears to be the most interesting target, but the same technique applies to other `operator` methods. Moreover, please do not focus too much on the specific example used to hide the `operator.call` invocation—it was a zero-effort choice meant solely to demonstrate the issue. The key point is the **inconsistency** that allows a user to approve a type as trusted, while in reality enabling the execution of `operator.xxx`. ## Details The `OperatorFuncNode` allows calling methods belonging to the `operator` module and included in a trusted list of methods. However, what is returned by `get_untrusted_types` and checked during the `load` call is no...

A cybercriminal managed to insert malicious files leading to info stealers in a pre-release of a game on the Steam platform

New Scavenger Trojan steals crypto wallet data using fake game mods and browser flaws, targeting MetaMask, Exodus, Bitwarden, and other popular apps.

Get to know the real people behind cybersecurity’s front lines. In this week’s newsletter, sci-fi meets reality, humanity powers technology and a few surprises are waiting to be discovered.

Lower rates for creating unique passwords, buying items from known websites, and using protection software leave iPhone users at risk to online scams.

Cisco Talos Incident Response (Talos IR) recently observed attacks by Chaos, a relatively new ransomware-as-a-service (RaaS) group conducting big-game hunting and double extortion attacks.

FBI warns of Interlock ransomware using unique tactics to hit businesses and critical infrastructure with double extortion.

Microsoft reveals Chinese state-backed hacker groups, including Linen Typhoon, Violet Typhoon, and Storm-2603, are exploiting SharePoint flaws, breaching over 100 organisations. Discover threat actors, their tactics and Microsoft's urgent security guidance.

Hackers are exploiting critical SharePoint flaws (CVE-2025-53770/53771) to breach global targets, including governments and corporations. Microsoft urges immediate action. Learn about the active attacks and how to protect your network from credential theft and backdoors.

Cisco Talos is aware of the ongoing exploitation of CVE-2025-53770 and CVE-2025-53771 in the wild. These are path traversal vulnerabilities affecting SharePoint Server Subscription Edition, SharePoint Server 2016, and SharePoint Server 2019.