DEBIAN-CVE-2026-7361
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
EUVD-2026-26187
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-7361
Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Critical...
CVE-2026-41398
OpenClaw before 2026.4.2 contains an improper access control vulnerability in the iOS A2UI bridge that treats generic local-network pages as trusted origins. Attackers can inject unauthorized agent.request runs by loading attacker-controlled pages from local-network or tailnet hosts, polluting...
CVE-2026-41398
OpenClaw (npm package) is affected by an improper access-control vulnerability in the iOS A2UI bridge prior to 2026.4.2. A local-network or tailnet page can be loaded to a vulnerable session and trigger unauthorized agent.request runs, polluting session state and depleting budget. The issue is fi...
KLA91010 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service or execute arbitrary code. Below is a complete list of vulnerabilities: 1. A remote code execution vulnerability in Canvas can be exploited remotely to execute arbitrar...
A week in security (April 20 – April 26)
Last week on Malwarebytes Labs: Medical data of 500,000 UK volunteers listed for sale on Alibaba; How cyberattacks on companies affect everyone; Apple fixes iOS bug that kept deleted notifications, including chat previews; Roblox clamps down on chats and age checks as legal pressure builds; Malicious...
CVE-2026-28950
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 15.8.8 and iPadOS 15.8.8, iOS 16.7.16 and iPadOS 16.7.16, iOS 18.7.8 and iPadOS 18.7.8, iOS 26.4.2 and iPadOS 26.4.2, iPadOS 17.7.11. Notifications marked for deletion could be unexpectedly retained on the devi...
Cisco IOS XE Software IOx Application Hosting Environment CRLF Injection (cisco-sa-iox-crlf-NvgKTKJZ)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A vulnerability in the web-based Cisco IOx application hosting environment management interface of Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform a carriage return lin...
Apple fixes iOS bug that kept deleted notifications, including chat previews
Apple has released a software update that deals with an issue that could allow deleted notifications to be retrieved. Something that, in at least one reported case, was used by law enforcement during forensic analysis. Apple fixed the issue in iOS and iPadOS versions 18.7.8 and 26.4.2 check...
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved dat...
PT-2026-34270
Name of the Vulnerable Software and Affected Versions: Cisco ISE (affected versions not specified); Cisco ISE-PIC (affected versions not specified). Description: Insufficient validation of user-supplied input allows an authenticated remote attacker with valid administrative credentials to execute arbitra...
FakeWallet crypto stealer spreading through iOS apps in the App Store
In March 2026, we uncovered more than twenty phishing apps in the Apple App Store masquerading as popular crypto wallets. Once launched, these apps redirect users to browser pages designed to look similar to the App Store and distributing trojanized versions of legitimate wallets. The infected ap...
PT-2026-38090
Name of the Vulnerable Software and Affected Versions: Google Chrome on iOS versions prior to 148.0.7778.96. Description: A use after free issue in the mobile component allows a remote attacker to execute arbitrary code via a crafted HTML page, provided they can convince a user to perform specific U...
catbyte-toolkit
cb - Binary Analysis Toolkit for macOS/iOS Security Research...
SUSE CVE-2026-5898
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
EUVD-2026-20722
Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
Linux Distros Unpatched Vulnerability : CVE-2026-5898
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect security UI in Omnibox in Google Chrome on iOS prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. Chromi...
Cisco IOS XE Software Release 3E HTTP Server DoS (cisco-sa-ios-http-dos-sbv8XRpL)
According to its self-reported version, Cisco IOS-XE Software is affected by a vulnerability. - A denial of service (DoS) vulnerability exists in Cisco IOS XE Software due to improper validation of user-supplied input. An authenticated remote attacker can exploit this issue, via sending malformed...