CISA warns of Apple flaws exploited in spyware, crypto-theft attacks
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
Flaw abused 'in an extremely sophisticated attack against specific targeted individuals' Apple patched a zero-day vulnerability affecting every iOS version since 1.0, used in what the company calls an "extremely sophisticated attack" against targeted individuals.…
Both admit attackers were already exploiting the bugs, with scant detail and hints of spyware-grade abuse Apple and Google have both issued emergency patches after zero-day bugs were caught being actively exploited in what the companies describe as "sophisticated" real-world attacks.…
Apple on Monday backported fixes for a recently patched security flaw that has been actively exploited in the wild
CVE-2025-43300 is the latest zero-day bug used in cyberattacks against "targeted individuals," which could signify spyware or nation-state hacking.
Apple has disclosed that a now-patched security flaw present in its Messages app was actively exploited in the wild to target civil society members in sophisticated cyber attacks
Also: A Romanian Botnet and Alcohol Counselor Monument Settles with US FTC Over AdsThis week, Sisense supply chain attack, a likely Romanian botnet, Patch Tuesday, an Apple spyware warning and AT&T notifies customers of breach. Alcohol counselor Monument shared data with Meta, a breach of Home Depot employee data, a breach at Targus and a threat actor targeted Moroccan activists.
Real-World Scenarios Are Sketchy But Researchers Warn: 'Assume Spyware; Update Now'Apple pushed out an emergency security update for two critical zero-day flaws that attackers are using to carry out memory corruption attacks on iPhone and iPad devices. The tech giant's latest patch addressed its third zero-day vulnerability this year.
Vulnerabilities may be linked to commercial spyware operations
Holes in iOS, macOS and more fixed following tip off from Google, Citizen Lab Apple emitted patches this week to close security holes that have been exploited in the wild by commercial spyware.…
Security researchers with The Citizen Lab and Google's Threat Analysis Group (TAG) revealed today that three zero-days patched by Apple on Thursday were abused as part of an exploit chain to install Cytrox's Predator spyware. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies today to patch security vulnerabilities abused as part of a zero-click iMessage exploit chain to infect iPhones with NSO Group's Pegasus spyware. [...]
No user interaction needed for this one as Pegasus turns up via iMessage Apple devices are again under attack, with a zero-click, zero-day vulnerability used to deliver Pegasus spyware to iPhones discovered in the wild.…
Apple on Thursday released emergency security updates for iOS, iPadOS, macOS, and watchOS to address two zero-day flaws that have been exploited in the wild to deliver NSO Group's Pegasus mercenary spyware
Citizen Lab says two zero-days fixed by Apple today in emergency security updates were actively abused as part of a zero-click exploit chain to deploy NSO Group's Pegasus commercial spyware onto fully patched iPhones. [...]
The now-patched flaw that led to the ForcedEntry exploit of iPhones was exploited by both NSO Group and a different, newly detailed surveillance vendor.
A now-patched security vulnerability in Apple iOS that was previously found to be exploited by Israeli company NSO Group was also separately weaponized by a different surveillance vendor named QuaDream to hack into the company's devices