Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Travelers to the UK targeted in ETA scams

Some scammers are selling ETA documents at exaggerated prices, and others are after your personal and financial data.

Malwarebytes
Open in Source
#web#mac#git#auth
China Is About to Show Off Its New High-Tech Weapons to the World

On September 3, China will hold a “Victory Day” military parade in Tiananmen Square to celebrate the 80th anniversary of its victory over Japan—and to send the West a message.

WhatsApp 0-Day Exploited in Attacks on Targeted iOS and macOS Users

WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The…

WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal researchers on the

8 Malicious NPM Packages Stole Chrome User Data on Windows

JFrog researchers found eight malicious NPM packages using 70 layers of obfuscation to steal data from Chrome browser…

GHSA-v2ch-c8v8-fgr7: Versity panic induced by AWS chunked data sent to port

Sending AWS chunk data with no Content-Length HTTP header causes the panic, every time. ### Reproduction Setup versity server running on port 7071, no SSL (for ease of packet tracing with tshark). Problem can be reproduced with or without SSL on the versity end. Use nginx to reverse proxy on port 7070. This does have to be SSL enabled for the repro to occur. nginx config: ``` upstream tony_versity { server 127.0.0.1:7071; keepalive 15; } server { listen 7070 ssl ; access_log /var/log/nginx/tony_versity_proxy.access.log; error_log /var/log/nginx/tony_versity_proxy.error.log; # Allow any size file to be uploaded. client_max_body_size 0; # Allow special characters in headers ignore_invalid_headers off; # Disable buffering proxy_buffering off; proxy_request_buffering off; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; ssl_certificate "/WS/TEMP/lh.crt"; ss...

Red Hat Trusted Artifact Signer can now be hosted on RHEL

Organizations looking to better understand the lineage of their software artifacts have begun to adopt signing as a way to improve their security posture. By applying digital signatures to software artifacts, trust can be established to verify that assets have not been substituted or tampered with through the software development and delivery process.Red Hat Trusted Artifact Signer, a key component of Red Hat’s Trusted Software Supply Chain portfolio, provides a suite of tools that supports signing and verifying assets from first commit to deployment. Since Trusted Artifact Signer was first

CISA Adds Citrix and Git Flaws to KEV Catalogue Amid Active Exploitation

CISA has added three actively exploited vulnerabilities in Citrix and Git to its KEV Catalogue. Federal agencies must…

Affiliates Flock to ‘Soulless’ Scam Gambling Machine

Last month, KrebsOnSecurity tracked the sudden emergence of hundreds of polished online gaming and wagering websites that lure people with free credits and eventually abscond with any cryptocurrency funds deposited by players. We've since learned that these scam gambling sites have proliferated thanks to a new Russian affiliate program called "Gambler Panel" that bills itself as a "soulless project that is made for profit."

Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack

A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted…