#mac

Scattered LAPSUS$ Hunters admin "Rey," allegedly a 15-year-old named Saif Khader from Jordan, has been named in a report linking him to the group. He denies the claim.

Microsoft has announced plans to improve the security of Entra ID authentication by blocking unauthorized script injection attacks starting a year from now. The update to its Content Security Policy (CSP) aims to enhance the Entra ID sign-in experience at "login.microsoftonline[.]com" by only letting scripts from trusted Microsoft domains run. "This update strengthens security and adds an extra

Alisa Viejo, CA, USA, 27th November 2025, CyberNewsWire

Reliability engineer on why resilience must be designed, not patched, and how decades of global experience taught her to turn outages into insights.

### Summary CVE-2025-12816 has been reserved by CERT/CC **Description** An Interpretation Conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions. ### Details A critical ASN.1 validation bypass vulnerability exists in the node-forge asn1.validate function within `forge/lib/asn1.js`. ASN.1 is a schema language that defines data structures, like the typed record schemas used in X.509, PKCS#7, PKCS#12, etc. DER (Distinguished Encoding Rules), a strict binary encoding of ASN.1, is what cryptographic code expects when verifying signatures, and the exact bytes and structure must match the schema used to compute and verify the signature. After deserializing DER, Forge uses static ASN.1 validation schemas to locate the signed data or public key, compute digests o...

# Summary Developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. Due to the longstanding [decision](https://docs.ray.io/en/releases-2.51.1/ray-security/index.html) by the Ray Development team to not implement any sort of authentication on critical endpoints, like the `/api/jobs` & `/api/job_agent/jobs/` has once again led to a severe vulnerability that allows attackers to execute arbitrary code against Ray. This time in a development context via the browsers Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the `User-Agent` header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the `User-Agent` header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who ina...

### Summary The `EMOJI_REGEX` used in the `emoji` action is vulnerable to a Regular Expression Denial of Service (ReDoS) attack. A short, maliciously crafted string (e.g., <100 characters) can cause the regex engine to consume excessive CPU time (minutes), leading to a Denial of Service (DoS) for the application. ### Details The ReDoS vulnerability stems from "catastrophic backtracking" in the `EMOJI_REGEX`. This is caused by ambiguity in the regex pattern due to overlapping character classes. Specifically, the class `\p{Emoji_Presentation}` overlaps with more specific classes used in the same alternation, such as `[\u{1F1E6}-\u{1F1FF}]` (regional indicator symbols used for flags) and `\p{Emoji_Modifier_Base}`. When the regex engine attempts to match a string that almost matches but ultimately fails (like the one in the PoC), this ambiguity forces it to explore an exponential number of possible paths. The matching time increases exponentially with the length of the crafted input, ...

The second wave of the Shai-Hulud supply chain attack has spilled over to the Maven ecosystem after compromising more than 830 packages in the npm registry. The Socket Research Team said it identified a Maven Central package named org.mvnpm:posthog-node:4.18.1 that embeds the same two components associated with Sha1-Hulud: the "setup_bun.js" loader and the main payload "bun_environment.js." "

Scammers are using fake jobs and a phony video update to infect Mac users with a multi-stage stealer designed for long-term access and data theft.

Cary, North Carolina, USA, 26th November 2025, CyberNewsWire