282 iOS AI Apps Leak API Keys and Open AI Proxy Access in Network Traffic Study
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers tested 444 AI chatbot apps for iPhone and found that 282 of them, nearly two-thirds, exposed paid AI access through their network traffic
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices
Cybersecurity researchers say the GitHub leak threatens to "democratize" iPhone exploits that were once reserved for nation-states, potentially putting hundreds of millions of iOS 18 devices at risk. The post DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses appeared first on CyberScoop.
Also: EU Bans AI Tools, Notepad++ Secures Updater, Apple Patches iOS Zero-DayThis week, Cambodia shuttered 200 scam centers. EU Parliament banned AI tools. Canada Goose disputed a ShinyHunters leak. Notepad++ patched an updater flaw. Apple fixed a decades-old iOS zero-day. BeyondTrust and Dell patched critical flaws under active exploitation.
PLUS: India wants to build big airliners; Half of South Koreans caught in data leak; Minimum wage for gig workers in Oz; And more! Asia in Brief Singapore’s government last week told Google and Apple to prevent fake government messages.…
A new leaked benchmark shows Apple's alleged M5 chip on an iPad, and it's almost as fast as a desktop CPU. [...]
A new leaked benchmark shows Apple's alleged M5 chip on an iPad, and it's almost as fast as a desktop CPU. [...]
One third of Android and over half iOS apps shown to be leaking insecure APIs and hardcoded secrets
Proton fixed a bug in its new Authenticator app for iOS that logged users' sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. [...]
Attackers could use a recently patched macOS vulnerability to bypass Transparency, Consent, and Control (TCC) security checks and steal sensitive user information, including Apple Intelligence cached data. [...]
Also: Infostealer Malware Compromises Mexican Government ComputersThis week, DeepSeek exposed sensitive data, hackers exploited unpatched Zyxel flaws, infostealer malware on Mexican government computers, Smiths Group incident, PowerSchool breach notifications, an Apple zero-day, XWorm RAT backdoor, and Credit Control Corporation settled a lawsuit.
A team of security researchers from Georgia Institute of Technology and Ruhr University Bochum has demonstrated two new side-channel attacks targeting Apple silicon that could be exploited to leak sensitive information from web browsers like Safari and Google Chrome
Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer
iPhone Maker Seeks Voluntary Dismissal, Citing Concerns Over Sensitive Data LeakingApple has filed a motion to dismiss its lawsuit against NSO Group, citing concerns over the potential exposure of sensitive threat intelligence information. The tech giant believes continuing the lawsuit could compromise its ability to protect users and lead to the disclosure of sensitive data.
Beyond the devices that use them, Wi-Fi hubs themselves can leak interesting data, thanks to some quirks in Apple's geolocation system.
Also: The leaked Apple internal tools that weren't; TV pirate pirates convicted; and some critical vulns, too Infosec in brief The descending ball of trouble over at Snowflake keeps growing larger, with more victims – and even one of the alleged intruders – coming forward last week.…
And the iOS titan doesn't seem that bothered with this data leaking out Last week, Apple began requiring iOS developers justify the use of a specific set of APIs that could be used for device fingerprinting. Yet the iGiant doesn't appear to be making much effort to ensure that Google, Meta, and Spotify comply with the rules, it's claimed.…
A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic operations
Short of rearchitecting hardware, the fix will seriously degrade performance Apple is having its own Meltdown/Spectre moment with a new side-channel vulnerability found in the architecture of Apple Silicon processors that gives malicious apps the ability to extract cryptographic keys. …
Rare occasion when you do want Big Tech to make a hash of it Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz.…