Aggregator

A vulnerability has been found in Apple iOS and iPadOS up to 15.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the component Apple Neural Engine. The manipulation leads to Local Privilege Escalation. This vulnerability is known as CVE-2022-32829. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS. This issue affects some unknown processing of the component Kernel. The manipulation leads to Local Privilege Escalation. The identification of this vulnerability is CVE-2022-32829. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Tenda i9 1.0.0.8(3828). Affected is the function set_local_time of the component String Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2022-40106. The attack needs to be done within the local network. There is no exploit available.

The Gujarat Anti-Terrorism Squad (ATS) has arrested an 18-year-old and a minor for orchestrating over 50 coordinated cyberattacks on Indian government websites during the recent military ‘Operation Sindoor’.  The main accused, Jasim Shahnawaz Ansari from Nadiad in Gujarat’s Kheda district, allegedly led multiple Distributed Denial-of-Service (DDoS) attacks targeting critical infrastructure websites while posting anti-national content […]

The post Gujarat Teen Behind 50+ Cyberattacks During ‘Operation Sindoor’ Arrested appeared first on Cyber Security News.

A vulnerability classified as critical was found in Apple iOS and iPadOS up to 15.3.1. This vulnerability affects unknown code of the component WebKit. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2022-22637. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in UBtech Freepass 1.3.1807.1500. It has been classified as problematic. Affected is an unknown function. The manipulation leads to open redirect. This vulnerability is traded as CVE-2025-23183. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Apple tvOS up to 15.5.1. It has been classified as critical. This affects an unknown part of the component AppleMobileFileIntegrity. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2022-32826. Local access is required to approach this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple watchOS up to 8.6 and classified as critical. Affected by this vulnerability is an unknown functionality of the component AppleMobileFileIntegrity. The manipulation leads to improper authorization. This vulnerability is known as CVE-2022-32826. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Apple macOS. Affected by this issue is some unknown functionality of the component AppleMobileFileIntegrity. The manipulation leads to improper authorization. This vulnerability is handled as CVE-2022-32826. The attack needs to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple iOS and iPadOS up to 15.5. This vulnerability affects unknown code of the component AppleMobileFileIntegrity. The manipulation leads to improper authorization. This vulnerability was named CVE-2022-32826. An attack has to be approached locally. There is no exploit available. It is recommended to upgrade the affected component.

The mission is to gather information that could help Russia in its war against Ukraine.

The hackers used phishing emails containing government-themed lure documents to gain access to targeted systems.

via the cosmic humor & dry-as-the-desert wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Baker’s Units’ appeared first on Security Boulevard.

In a sophisticated cybersecurity attack uncovered this week, Russian threat actors have been observed exploiting multiple cloud service providers to deliver the notorious Lumma Stealer malware. The campaign utilizes legitimate cloud infrastructure—including Oracle Cloud Infrastructure (OCI), Scaleway Object Storage, and Tigris—to host malicious content that targets privileged users across various organizations. Security experts warn this […]

The post Russian Hackers Leverage Oracle Cloud Infrastructure to Scaleway Object Storage appeared first on Cyber Security News.

Cybercriminal campaigns are using fake Ledger apps to target macOS users and their digital assets by deploying malware that attempts to steal seed phrases that protect access to digital cryptocurrency wallets. [...]

Black screen of DRM: Privacy-first messenger blocks Microsoft Recall

The post Signal Gives Microsoft a Clear Signal: Do NOT Recall This appeared first on Security Boulevard.

Alleged Sale of Cracked DarkVision v2.35

Чем компактнее уложено, тем лучше работает?

Earlier this month, Killnet claimed it had hacked Ukraine’s drone-tracking system after disappearing from public view in 2023.

Discover why machine identities are the new security frontier from KuppingerCole EIC 2025. Learn about secrets sprawl, AI agents, and why traditional IAM fails to protect NHIs in this GitGuardian recap.

The post Navigating the New Frontiers of Identity: Insights from KuppingerCole EIC Summit 2025 appeared first on Security Boulevard.