Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
Apple rolled out the security patches for dozens of iPhone and iPad models and generations. The post Apple Patches iOS Flaw Allowing Recovery of Deleted Chats appeared first on SecurityWeek.
Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Vercel on Wednesday revealed that it has identified an additional set of customer accounts that were compromised as part of a security incident that enabled unauthorized access to its internal systems. The company said it made the discovery after expanding its investigation to include an extra set of compromise indicators,Read More »Vercel Finds More Compromised Accounts in Context.ai-Linked Breach
Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Apple has rolled out a software fix for iOS and iPadOS to address a Notification Services flaw that stored notifications marked for deletion on the device. The vulnerability, tracked as CVE-2026-28950 (CVSS score: N/A), has been described as a logging issue that has been addressed with improved data redaction. “NotificationsRead More »Apple Fixes iOS Flaw That Let FBI Recover Deleted Signal Messages
Recent Microsoft Defender Vulnerability Exploited as Zero-Day
The flaw allows attackers to access the SAM database, extract NTLM hashes, and gain System privileges. The post Recent Microsoft Defender Vulnerability Exploited as Zero-Day appeared first on SecurityWeek.
Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Cybersecurity researchers have warned of malicious images pushed to the official “checkmarx/kics” Docker Hub repository. In an alert published today, software supply chain security company Socket revealed that unknown threat actors managed to have overwritten existing tags, including v2.1.20 and alpine, while also introducing a new v2.1.21 tag that doesRead More »Malicious KICS Docker Images and VS Code Extensions Hit Checkmarx Supply Chain
Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Cybersecurity researchers have flagged a fresh set of packages that have been compromised by bad actors to deliver a self-propagating worm that spreads through stolen developer npm tokens. The supply chain worm has been detected by both Socket and StepSecurity, with the companies tracking the activity under the name CanisterSprawlRead More »Self-Propagating Supply Chain Worm Hijacks npm Packages to Steal Developer Tokens
Unauthorized Users Accessed Claude Mythos, New Reports Suggest
Anthropic’s new AI model may have been accessed by unauthorized users.
Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
The threat actor known as Harvester has been attributed to a new Linux version of its GoGra backdoor deployed as part of attacks likely targeting entities in South Asia. “The malware uses the legitimate Microsoft Graph API and Outlook mailboxes as a covert command-and-control (C2) channel, allowing it to bypassRead More »Harvester Deploys Linux GoGra Backdoor in South Asia Using Microsoft Graph API
After Bluesky, Mastodon Targeted in DDoS Attack
The DDoS attack caused a major outage, but Mastodon mitigated it within a few hours. The post After Bluesky, Mastodon Targeted in DDoS Attack appeared first on SecurityWeek.
Hackers Claim 19M Records Stolen From French Government Agency
The France Titres discovered a security incident.