Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is

The Hacker News
Open in Source
#vulnerability#mac#apple#zero_day#The Hacker News
Apple Patches Actively Exploited Zero-Day Vulnerability

The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.

Change Healthcare Breach Impact Doubles to 190M People

One of the largest data breaches in history was apparently twice as impactful as previously thought, with PII belonging to hundreds of millions of people sitting in the hands of cybercriminals.

GHSA-rh4j-5rhw-hr54: vllm: Malicious model to RCE by torch.load in hf_model_weights_iterator

### Description The vllm/model_executor/weight_utils.py implements hf_model_weights_iterator to load the model checkpoint, which is downloaded from huggingface. It use torch.load function and weights_only parameter is default value False. There is a security warning on https://pytorch.org/docs/stable/generated/torch.load.html, when torch.load load a malicious pickle data it will execute arbitrary code during unpickling. ### Impact This vulnerability can be exploited to execute arbitrary codes and OS commands in the victim machine who fetch the pretrained repo remotely. Note that most models now use the safetensors format, which is not vulnerable to this issue. ### References * https://pytorch.org/docs/stable/generated/torch.load.html * Fix: https://github.com/vllm-project/vllm/pull/12366

Brave Desktop Browser Vulnerability Lets Malicious Sites Appear Trusted

A critical vulnerability in Brave Browser allows malicious websites to appear as trusted sources during file uploads/downloads. Learn…

Royal Mail SMS Phishing Scam Targets Victims with Fake Delivery Fee Requests

Beware of a convincing Royal Mail SMS phishing scam asking for personal details and payment for re-delivery. Learn…

Scammers Are Creating Fake News Videos to Blackmail Victims

“Yahoo Boy” scammers are impersonating CNN and other news organizations to create videos that pressure victims into making blackmail payments.

GamaCopy Mimics Gamaredon Tactics in Cyber Espionage Targeting Russian Entities

A previously unknown threat actor has been observed copying the tradecraft associated with the Kremlin-aligned Gamaredon hacking group in its cyber attacks targeting Russian-speaking entities. The campaign has been attributed to a threat cluster dubbed GamaCopy, which is assessed to share overlaps with another hacking group named Core Werewolf, also tracked as Awaken Likho and PseudoGamaredon.

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast, host David Ruiz shares three privacy rules for 2025, and they're all about taking back control.

MITRE's Latest ATT&CK Simulations Tackle Cloud Defenses

The MITRE framework's applied exercise provides defenders with critical feedback about how to detect and defend against common, but sophisticated, attacks.