➀ Apple has doubled its top bug bounty payout to $2 million, with potential to exceed $5 million with bonuses;
➁ The largest payout is for zero-click chain flaws, which are remote attacks without user interaction;
➂ Apple's increased payouts reflect the rarity and potential danger of these types of security flaws.
➀ Microsoft warns that the MacOS malware XCSSET has evolved significantly since earlier this year, with key changes in its browser targeting, clipboard hijacking, and persistence mechanisms.
➁ The latest variant targets Xcode software developers on MacOS, monitoring the clipboard for cryptocurrency wallet addresses and replacing them with its own.
➂ Microsoft has collaborated with Apple and GitHub to mitigate the threat, and provides tips for users to protect themselves.
➀ Cloudflare successfully mitigated two massive DDoS attacks, peaking at 22.2 Tbps and 10.6 Bpps.
➁ The attacks were twice as large as anything seen on the internet before.
➂ Cloudflare attributed one of the attacks to a combination of IoT and cloud providers, including Google Cloud.
➀ Eito Miyamura and his team demonstrated how ChatGPT can be tricked into revealing sensitive email data using a vulnerability in the Model Context Protocol (MCP);
➁ The vulnerability allows attackers to send a calendar invite with a jailbreak prompt to the victim's email address;
➂ ChatGPT is then manipulated to read the email and send sensitive information back to the attackers without the need for the invite to be accepted.
➀ Secure boot ensures only authenticated firmware runs on IoT devices by verifying cryptographic signatures during startup;
➁ It protects against malware injections and unauthorized code execution in low-end embedded systems with limited user oversight;
➂ The mechanism enhances tamper resistance by validating firmware integrity across bootloader, kernel and critical components.
➀ Black hat hackers have shown no bounds of cruelty in their operations, disregarding ethical considerations.
➁ A recent ransomware attack on the Maryland Transit Administration (MTA) has impacted its paratransit service for disabled people.
➂ The MTA is collaborating with the Maryland Department of Information Technology and third-party cybersecurity experts to investigate and mitigate the impact of the attack.
➀ Silicon Labs announces SiXG301 as the world's first PSA Level 4 iSE/SE-certified SoC, offering advanced hardware/software protection against attacks like laser fault injection and side-channel vulnerabilities.
➁ The 22nm SoC, designed for IoT/edge devices, supports over-a-decade field operation with OTA updates and real-time monitoring, set for Q3 2025 availability.
➂ Collaboration with Keysight Labs validated the security features, addressing emerging threats once deemed theoretical.
➀ An estimated $1 billion was extorted by ransomware gangs last year, and projections suggest they could generate $265 billion annually within six years.
➁ A ransomware attack on a 158-year-old transport company, KNP, resulted in over 700 job losses due to a weak password being exploited.
➂ The Akira gang, known for sophisticated encryption techniques, attacked KNP but did not specify a ransom amount.
➀ DigitalMint, a financial cybersecurity firm, is investigating one of its former employees for alleged collaboration with ransomware gangs to receive illegal payments.
➁ Negotiators are often called upon to handle discussions with hackers on behalf of victims, and DigitalMint specializes in managing ransomware incidents and facilitating secure payments.
➂ The incident has raised concerns about the operations of data recovery and financial cybersecurity firms, following previous reports of deception by firms claiming to recover data through specialized methods while simply paying the ransom and charging clients extra.
➀ Security researchers have revealed a serious vulnerability in ASUS Armoury Crate software;
➁ The flaw allows hackers to gain admin access to computers;
➂ The vulnerability is tracked as CVE-2025-3464 and affects the As103.sys functionality of the software.
➀ Despite spam controls, email addresses can still be targeted by marketers.
➁ Clicking the 'Unsubscribe' link can be ineffective and pose security risks.
➂ Security experts recommend using 'list-unsubscriber headers' or marking emails as spam instead.
➀ Amazon introduces a new version of its popular Blink Video Doorbell with exceptional battery life, offering up to two years of continuous security coverage with three AA Energizer lithium batteries.
➁ The new Blink Video Doorbell comes with a head-to-toe HD view, 1440p video resolution, a 150-degree field of view, and improved IP65 water resistance.
➂ The doorbell requires the new Sync Module Core and offers a 1-year subscription bundle for cloud storage and smart notifications.
➀ As tempting as it might be, avoid using 0000 as your four-digit PIN code.
➁ According to a list compiled by security experts, 1010, 1111, 1122, and 1212 are among the top five worst PIN codes.
➂ The article discusses the risks of using common PIN codes and suggests changing them if they appear on the top 50 list.
➀ The 3AM ransomware group has been using more proactive techniques, such as email bombing and spoofed IT support calls, to gain access to corporate systems.
➁ Sophos has documented over 55 attempted attacks using this technique in the first quarter of 2025.
➂ The attackers used a pre-configured Windows 7 virtual machine to establish a hidden foothold and evade network protection software.
➀ Valve has responded to reports of a major data breach involving 89 million Steam user records;
➁ Underdark.ai highlighted a dark web forum post by a hacker claiming to possess the data;
➂ Valve asserts that there was no breach of Steam systems and no sensitive data was compromised.
➀ The FBI has issued a warning about hackers targeting old router models, recommending users replace compromised devices or disable remote administration.
➁ The FBI lists over a dozen router models that are vulnerable to attacks and no longer receive updates.
➂ The article suggests upgrading to newer models, such as Wi-Fi 6 or 6E, for better security and support.
➀ Microsoft is enhancing its efforts against passwords by introducing a key change for new accounts;
➁ Existing users are encouraged to switch to passkeys;
➂ The company aims to auto-detect the safest login method for users.
➀ Io_uring was introduced in 2019 to improve the efficiency and flexibility of input and output operations on Linux, but it also created critical blind spots for Linux security tools.
➁ Security researchers have discovered that io_uring operations can completely evade conventional system call monitoring, leading to undetectable activities.
➂ A rootkit called Curing was built to exploit this vulnerability, which can execute commands, read files, and interact with the network without detectable system calls.
➀ Crypto Quantique, a provider of quantum-driven silicon IP, has launched a new lightweight RoT IP block named QRoot Lite.
➁ The block complies with the MARS specification for secure device health and trustworthiness attestation.
➂ It is designed for integration into small systems and offers functions for device identity, measurement, and attestation.
