DarkSword: iPhone Exploit Kit Serves Spies & Thieves Alike
A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
A sophisticated iOS exploit chain leverages multiple zero-day vulnerabilities and is targeting users in Saudi Arabia, Turkey, Malaysia, and Ukraine.
Two Apple zero-day vulnerabilities discovered this month have overlap with another mysterious zero-day flaw Google patched last week.
Even when a vulnerability is serious and a fix is available, actually securing cars is more difficult than one would hope.
New details on the Cisco IOS XE vulnerability could help attackers develop a working exploit soon, researchers say.
The technology giant said two zero-day vulnerabilities were used in attacks on iOS devices against "specific targeted individuals," which suggests spyware or nation-state threat activity.
A threat actor leveraged the vulnerability in an "extremely sophisticated" attack on targeted iOS users, the company says.
The vulnerability could allow a threat actor to disable the security feature on a locked device and gain access to user data.
The Apple iOS 18.3 update fixes 28 other vulnerabilities identified by the tech company, though there is little information on them.
Emergent macOS vulnerability lets adversaries circumvent Apple's System Integrity Protection (SIP) by loading third-party kernels.
Proposals from Google and Apple drastically reduce the life cycle of certificates, which should mean more oversight — and hopefully better control.
Popular titles on both Google Play and Apple's App Store include hardcoded and unencrypted AWS and Azure credentials in their codebases or binaries, making them vulnerable to misuse by threat actors.
CVE-2024-44204 is one of two new Apple iOS security vulnerabilities that showcase an unexpected coming together of privacy snafus and accessibility features.
Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.
Critical dependency manager supply chain vulnerabilities have exposed millions and millions of devices to arbitrary malware for the better part of decade.
The vulnerability affects not only AirPods, but also AirPods Max, Powerbeats Pro, Beats Fit Pro, and all models of AirPods Pro.
Several Cisco products, including IOS, IOS XE, and AP software, need patching against various high-risk security vulnerabilities.
The available options for addressing the flaw are limited, leaving many Macs vulnerable to a "GoFetch" attack that steals keys — even quantum-resistant ones.
Vulnerability CVE-2024-23204, affecting Apple's popular Shortcuts app, suggests a critical need for ongoing security awareness in the macOS and iOS ecosystem.
Various devices remain vulnerable to the bug, which has existed without notice for years and allows an attacker to control devices as if from a Bluetooth keyboard.
The networking giant discloses new vulnerabilities the same day as warnings get issued that Cisco gear has been targeted in a Chinese APT attack.