Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

All Apple users should update after company patches zero-day vulnerability in all platforms

Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms

Malwarebytes
Open in Source
#vulnerability#ios#android#mac#apple#zero_day#sap
Apple Patches CVE-2025-43300 Zero-Day in iOS, iPadOS, and macOS Exploited in Targeted Attacks

Apple has released security updates to address a security flaw impacting iOS, iPadOS, and macOS that it said has come under active exploitation in the wild. The zero-day out-of-bounds write vulnerability, tracked as CVE-2025-43300, resides in the ImageIO framework that could result in memory corruption when processing a malicious image. "Apple is aware of a report that this issue may have been

Side of Fries With That Bug? Hacker Finds Flaws in McDonald's Staff, Partner Hubs

Exposure of APIs, sensitive data, and corporate documents are just some of the security issues that the purveyor of Big Macs was cooking up.

How to Automate Phishing Detection to Prevent Data Theft

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

GHSA-hf86-8x8v-h7vc: Apache EventMesh Vulnerable to Server-Side Request Forgery in WebhookUtil.java

Server-Side Request Forgery (SSRF) in eventmesh-runtime module in WebhookUtil.java on windows\linux\mac os e.g. allows the attacker can abuse functionality on the server to read or update internal resources. Users are recommended to upgrade to version 1.12.0 or use the master branch, which fixes this issue.

Ilevia EVE X1 Server 4.7.18.0.eden Credentials Leak Through Log Disclosure

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'passwd' HTTP POST parameter in /ajax/php/login.php script.

Oregon Man Charged in ‘Rapper Bot’ DDoS Service

A 22-year-old Oregon man has been arrested on suspicion of operating "Rapper Bot," a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets -- including a March 2025 DDoS that knocked Twitter/X offline. The Justice Department asserts the suspect and an unidentified co-conspirator rented out the botnet to online extortionists, and tried to stay off the radar of law enforcement by ensuring that their botnet was never pointed at KrebsOnSecurity.

Ransomware incidents in Japan during the first half of 2025

Ransomware attackers continue to primarily target small and medium-sized manufacturing businesses in Japan.

Scammers Compromised by Own Malware, Expose $4.67M Operation

CloudSEK uncovered a Pakistan-based family cybercrime network that spread infostealers via pirated software, netting $4.67M and millions of…

ERMAC V3.0 Banking Trojan Source Code Leak Exposes Full Malware Infrastructure

Cybersecurity researchers have detailed the inner workings of an Android banking trojan called ERMAC 3.0, uncovering serious shortcomings in the operators' infrastructure. "The newly uncovered version 3.0 reveals a significant evolution of the malware, expanding its form injection and data theft capabilities to target more than 700 banking, shopping, and cryptocurrency applications," Hunt.io