ThreatsDay Bulletin: CarPlay Exploit, BYOVD Tactics, SQL C2 Attacks, iCloud Backdoor Demand & More

From unpatched cars to hijacked clouds, this week's Threatsday headlines remind us of one thing — no corner of technology is safe. Attackers are scanning firewalls for critical flaws, bending vulnerable SQL servers into powerful command centers, and even finding ways to poison Chrome's settings t...

A week in security (September 8 – September 14)

Last week on Malwarebytes Labs: AI browsers or agentic browsers: a look at the future of web surfing From Fitbit to financial despair: How one woman lost her life savings and more to a scammer Meta ignored child sex abuse in VR, say whistleblowers When AI chatbots leak and how it happens Fake...

iCloud Calendar infrastructure abused in PayPal phishing campaign

Once again, phishers are targeting PayPal users by abusing existing legitimate infrastructure. Only this time they’re not abusing PayPal’s platform, but iCloud Calendar invites. Our friends over at BleepingComputer unraveled a call-back phishing scam which was sent to one of their readers. “Pedro...

Linux Distros Unpatched Vulnerability : CVE-2016-7654

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before...

Linux Distros Unpatched Vulnerability : CVE-2017-7064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected...

Linux Distros Unpatched Vulnerability : CVE-2017-2354

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. iCloud before 6.1.1 is affected. iTunes befo...

Linux Distros Unpatched Vulnerability : CVE-2016-7645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. iCloud before 6.1 is affected. iTunes before...

Linux Distros Unpatched Vulnerability : CVE-2017-7046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected...

Linux Distros Unpatched Vulnerability : CVE-2017-7041

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. iCloud before 6.2.2 on Windows is affected...

PT-2025-31957 · Undefined · Undefined

Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...

CVE-2025-43276

A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time...

Apple macOS Sequoia has an unspecified vulnerability (CNVD-2025-18411)

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia contains a security vulnerability that can be exploited by attackers to cause iCloud Private Relay to fail to activate when multiple users are logged in at the same time...

CVE-2025-43276

A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time...

CVE-2025-43276

A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time...

Apple macOS 安全漏洞

Apple macOS Sequoia is an operating system from the American company Apple Apple. Apple macOS Sequoia contains a security vulnerability that can be exploited by attackers to cause iCloud Private Relay to fail to activate when multiple users are logged in at the same time...

CVE-2025-43276

A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time...

CVE-2025-43276

A logic error was addressed with improved error handling. This issue is fixed in macOS Sequoia 15.6. iCloud Private Relay may not activate when more than one user is logged in at the same time...

CVE-2025-43276

Technical details about CVE-2025-43276 (affected product, root cause, impact, or fix specifics) are not publicly provided in the supplied documents. Monitor for updates from official advisories and CVE records for concrete technical information.

PT-2025-31339 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.6 Description: A logic error was addressed with improved error handling. iCloud Private Relay may not activate when more than one user is logged in simultaneously. Recommendations: Update to version 15.6...

webkitgtk: Input validation issue may lead to cross site scripting

An input validation issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing maliciously crafted web content may lead to ...