MAL-2026-3150 Malicious code in apple-cktool-api-v2 (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

Malicious code in apple-cktool-api-v2 (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

Malicious Package

Overview apple-cloudkit-internal is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...

MAL-2026-2918 Malicious code in apple-cloudkit-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cfcd7e5376478b86db5942e2492ae0763bad14dda004c55988edf420f5e62ce The package apple-cloudkit-internal was found to contain malicious code. Source: ghsa-malware...

Malicious code in apple-cloudkit-internal (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1cfcd7e5376478b86db5942e2492ae0763bad14dda004c55988edf420f5e62ce The package apple-cloudkit-internal was found to contain malicious code. Source: ghsa-malware...

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale Cloudkit are now addressed in 5.2.3.6 and 6.0.0.1 (CVE-2025-47914, CVE-2025-58181, CVE-2025-47913)

Summary The following security vulnerabilities impacting deployments utilizing IBM Storage Scale CloudKit have been addressed in 5.2.3.6 and later, and 6.0.0.1 and later. These issues could have resulted in reduced security assurances under certain configurations. Vulnerability Details...

About the security content of visionOS 26.1

About the security content of visionOS 26.1 This document describes the security content of visionOS 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...

About the security content of tvOS 26.1

About the security content of tvOS 26.1 This document describes the security content of tvOS 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available...

About the security content of watchOS 26.1

About the security content of watchOS 26.1 This document describes the security content of watchOS 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

About the security content of watchOS 26.1

About the security content of watchOS 26.1 This document describes the security content of watchOS 26.1. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are availabl...

EUVD-2015-3818

Malware in sbrugna...

Security Bulletin: The following vulnerabilities that can affect IBM Storage Scale and the Cloudkit are now included (CVE-2025-30204)

Summary The following vulnerabilities that can affect IBM Storage Scale and the Cloudkit and could provide weaker than expected security are now fixed CVE-2025-30204. Vulnerability Details CVEID:CVE-2025-30204 DESCRIPTION: golang-jwt is a Go implementation of JSON Web Tokens. Starting in version...

Malicious code in com.apple.unityplugin.arcade.cloudkit (npm)

The package com.apple.unityplugin.arcade.cloudkit was found to contain malicious code...

Security Bulletin: Multiple vulnerabilities which can affect IBM Storage Scale cloudkit and CES S3 are now addressed. (CVE-2025-22868, CVE-2025-22869)

Summary There are several vulnerabilities in IBM Storage Scale which could provide weaker than expected security that are now addressed CVE-2024-45337, CVE-2024-45338 Vulnerability Details CVEID:CVE-2025-22868 DESCRIPTION: An attacker can pass a malicious malformed token which causes unexpected...

About the security content of Apple TV 7.2.1 - Apple Support

For the protection of our customers, Apple does not disclose, discuss, or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. To learn more about Apple Product Security, see the Apple Product Security website. For information about...

Apple iOS < 8.4.1 Multiple Vulnerabilities

Binary data 8978.prm...

APPLE-SA-2015-08-13-3 iOS 8.4.1

APPLE-SA-2015-08-13-3 iOS 8.4.1 iOS 8.4.1 is now available and addresses the following: AppleFileConduit Available for: iPhone 4s and later, iPod touch 5th generation and later, iPad 2 and later Impact: A maliciously crafted afc command may allow access to protected parts of the filesystem...

CVE-2015-3782

CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app...

Code injection

CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app...

CVE-2015-3782

CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows attackers to access an iCloud user record associated with a previous user's login session via a crafted app...