Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence

Apple Intelligence is a generative AI GenAI service provided by Apple on its devices. While offering a similar set of features as other similar GenAI services, Apple Intelligence is claimed to be designed with an extra focus on user security and privacy through a two-stage authentication and...

New Mexico’s Meta Ruling and Encryption

Mike Masnick points out that the recent New Mexico court ruling against Meta has some bad implications for end-to-end encryption, and security in general: If the "design choices create liability" framework seems worrying in the abstract, the New Mexico case provides a concrete example of where it...

Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS

Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 CVSS score: N/A, has been described as a cross-origin issue in WebKit's Navigation API that could be...

Moderate: Red Hat Security Advisory: Insights proxy Container Image

Initial GA Release of Red Hat Insights proxy The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes al...

Important: Red Hat Security Advisory: Insights proxy Container Image

Initial GA Release of Red Hat Insights proxy The Insights proxy Container is used by the Insights proxy product RPM and serves as an intermediary between cystomer systems in disconnected networks, air-gapped systems or systems with no outside connections and Insights. The Insights proxy routes al...

EUVD-2010-1854

Malware in sbrugna...

EUVD-2019-15340

Malware in sbrugna...

EUVD-2017-9261

Malware in sbrugna...

EUVD-2023-26158

Malicious code in bioql PyPI...

Vulnerabilities fixed in Apple iOS and iPadOS

Apple has fixed vulnerabilities in iOS and iPadOS. The vulnerabilities include several problems such as unauthorized access to sensitive user data, memory management issues, and vulnerabilities that could lead to denial-of-service or unexpected application crashes. These vulnerabilities could be...

CVE-2023-23543

The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is currently using the camera...

CVE-2023-23624

Discourse is an open-source discussion platform. Prior to version 3.0.1 on the stable branch and version 3.1.0.beta2 on the beta and tests-passed branches, someone can use the excludetag param to filter out topics and deduce which ones were using a specific hidden tag. This affects any Discourse...

23andMe and its customers’ genetic data bought by a pharmaceutical org

The bankrupt genetic testing company 23andMe has been scooped up by drug producer Regeneron Pharmaceuticals for $256 million dollars. But why would a pharmaceutical company like Regeneron buy a bankrupt genetics testing company like 23andMe for such a large amount of money? Well, Regeneron is a...

CVE-2024-40838

A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Sequoia 15. A malicious app may be able to access notifications from the user's device...

Where to find Opera’s Privacy and Security team online

Security Where to find Opera’s Privacy and Security team online Share September 27th, 2023 Hello everyone! Through this blog, we strive to offer timely updates and important information about Opera and our products. This helps us maintain an open line of communication with our users, particularly...

Apple and Google Join Forces to Stop Unauthorized Location-Tracking Devices

Apple and Google have teamed up to work on a draft industry-wide specification that's designed to tackle safety risks and alert users when they are being tracked without their knowledge or permission using devices like AirTags. "The first-of-its-kind specification will allow Bluetooth...

Why strong security solutions are critical to privacy protection

The security community is continuously changing, growing, and learning from each other to better position the world against cyberthreats. In the latest post of our Voice of the Community blog series, Microsoft Security Senior Product Marketing Manager Brooke Lynn Weenig talks with Ann Cavoukian,...

CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK...

A Chief Security Concern for Executive Teams

Virtually all companies like to say they take their customers' privacy and security seriously, make it a top priority, blah blah. But you'd be forgiven if you couldn't tell this by studying the executive leadership page of each company's Web site. That's because very few of the world's biggest...

ObiHai ObiPhone 1032/1062 < 5-0-0-3497 - Multiple Vulnerabilities

ObiHai ObiPhone - Multiple Vulnerabilities ------------------------------------------ Introduction ============ Multiple vulnerabilities were discovered in the web management interface of the ObiHai ObiPhone products. The Vulnerabilities were discovered during a black box security assessment and...