Aggregator

A vulnerability categorized as critical has been discovered in Apple iOS and iPadOS. The impacted element is an unknown function of the component Image Handler. Such manipulation leads to buffer overflow. This vulnerability is listed as CVE-2024-23286. The attack may be performed from remote. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability identified as critical has been detected in Apple macOS. This affects an unknown function of the component Image Handler. Performing a manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2024-23286. It is possible to initiate the attack remotely. There is no exploit available. You should upgrade the affected component.

A vulnerability labeled as critical has been found in Apple watchOS. This impacts an unknown function of the component Image Handler. Executing a manipulation can lead to buffer overflow. This vulnerability is registered as CVE-2024-23286. It is possible to launch the attack remotely. No exploit is available. The affected component should be upgraded.

A vulnerability labeled as problematic has been found in Apple iOS and iPadOS. Affected by this issue is some unknown functionality. The manipulation results in insecure temporary file. This vulnerability is cataloged as CVE-2024-23287. The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.

A vulnerability marked as critical has been reported in Apple macOS up to 14.3. Affected by this vulnerability is an unknown functionality. This manipulation causes symlink following. This vulnerability is tracked as CVE-2024-23285. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

嗯，用户让我总结一下这篇文章的内容，控制在100个字以内，而且不需要用“文章内容总结”这样的开头。首先，我需要仔细阅读文章，理解主要事件和关键点。 文章讲的是Axios的两个恶意版本被发布到npm上，通过被入侵的维护者账户。这两个版本添加了一个带有后门脚本的恶意依赖项，导致了远程访问木马的传播。虽然这些包很快被移除了，但还是影响了多个开发者工作站和Docker容器。文章还提到了检测到的行为、狩猎查询以及推荐的应对措施。 接下来，我需要将这些信息浓缩到100字以内。要抓住主要事件：Axios版本被恶意发布、依赖项后门、RAT传播、影响范围以及应对措施。 可能会遗漏一些技术细节，比如具体的IOC或查询，但这些不是总结的重点。重点是事件的影响和处理建议。 最后，确保语言简洁明了，不使用复杂的术语，让读者一目了然。 2026年3月31日，Axios的两个恶意版本通过被入侵的维护者账户发布到npm。这些版本包含一个带有后门脚本的恶意依赖项，导致远程访问木马传播至开发者工作站和Docker容器。事件引发安全警报，并建议组织加强供应链安全、监控异常活动并修复受影响系统。

Microsoft has officially begun force-upgrading unmanaged Windows 11 version 24H2 devices to version 25H2, marking the final phase of a staged rollout that relies on machine learning to determine device readiness. The move, confirmed in an updated Windows Release Health Dashboard entry, affects all Home and Pro edition devices not managed by IT departments. Starting […]

The post Microsoft Forcing Upgrades to Unmanaged Windows 11, Version 24H2 appeared first on Cyber Security News.

Cybersecurity researchers have discovered a new version of the SparkCat malware on the Apple App Store and Google Play Store, more than a year after the trojan was discovered targeting both the mobile operating systems. The malware has been found to conceal itself within seemingly benign apps, such as enterprise messengers and food delivery services, while

好的，我现在要帮用户总结这篇文章的内容。用户的要求是用中文，控制在100字以内，不需要特定的开头，直接描述文章内容。 首先，我需要快速阅读文章，抓住主要信息。文章讲的是研究人员在苹果和谷歌应用商店发现了SparkCat恶意软件的新版本。这个恶意软件隐藏在看似无害的应用中，比如企业通讯和送餐服务，悄悄扫描用户的相册，寻找加密货币钱包的恢复短语。 然后，Kaspersky公司发现了两个感染的应用在App Store，一个在Google Play Store，主要针对亚洲的加密货币用户。iOS版本扫描的是英文短语，可能影响更广泛的地区。Android版本增加了混淆层，并且扫描日语、韩语和中文关键词。 SparkCat最初是在2025年2月被记录的，利用OCR模型从相册中提取钱包恢复短语。最新的改进显示这是一个活跃演变的威胁，背后的威胁行为者可能是中文使用者。 最后，研究人员建议使用安全解决方案来保护手机免受各种网络威胁。 现在我要把这些信息浓缩到100字以内。重点包括：发现新版本、隐藏在应用中、扫描相册找恢复短语、针对亚洲加密货币用户、技术手段如混淆层和OCR模块、以及背后的技术能力。 可能的结构是：研究人员发现SparkCat新版本隐藏于应用商店中的 benign apps 中，扫描相册找加密货币钱包短语。iOS版影响更广，Android版针对亚洲用户，并采用混淆技术。这显示了恶意软件的活跃性和背后的技术实力。 研究人员发现 SparkCat 恶意软件新版本藏于苹果和谷歌应用商店中的 benign apps 中，扫描用户相册以寻找加密货币钱包恢复短语。iOS 版本影响更广，而 Android 版本则针对亚洲用户并采用混淆技术。此恶意软件显示活跃进化特性及背后技术能力。

Карта отклонена, перевод завис, фото не грузит. Ваша пятница в пяти словах.

A former core infrastructure engineer has pleaded guilty to locking Windows admins out of 254 servers as part of a failed extortion plot targeting his employer, an industrial company headquartered in Somerset County, New Jersey. [...]

A vulnerability classified as critical was found in Apple visionOS. Affected is an unknown function of the component Web Content Handler. The manipulation results in improper restriction of rendered ui layers. This vulnerability is known as CVE-2024-23284. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.

A vulnerability, which was classified as critical, has been found in Apple tvOS. Affected by this vulnerability is an unknown functionality of the component Web Content Handler. This manipulation causes improper restriction of rendered ui layers. This vulnerability is handled as CVE-2024-23284. The attack can be initiated remotely. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in Apple tvOS. Affected by this issue is some unknown functionality of the component Webpage Handler. This manipulation causes information disclosure. This vulnerability appears as CVE-2024-23280. The attack may be initiated remotely. There is no available exploit. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Apple iOS and iPadOS. This affects an unknown part of the component Webpage Handler. Such manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-23280. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in Apple Safari. This vulnerability affects unknown code of the component Webpage Handler. Performing a manipulation results in information disclosure. This vulnerability is known as CVE-2024-23280. Remote exploitation of the attack is possible. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple macOS. This issue affects some unknown processing of the component Webpage Handler. Executing a manipulation can lead to information disclosure. This vulnerability is handled as CVE-2024-23280. The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.

A vulnerability has been found in Apple watchOS and classified as problematic. Impacted is an unknown function of the component Webpage Handler. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-23280. The attack is possible to be carried out remotely. No exploit exists. The affected component should be upgraded.

A vulnerability was found in Apple macOS. It has been declared as critical. This affects an unknown function. Such manipulation leads to sandbox issue. This vulnerability is referenced as CVE-2024-23278. The attack can only be performed from a local environment. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple watchOS. It has been rated as critical. This impacts an unknown function. Performing a manipulation results in sandbox issue. This vulnerability is identified as CVE-2024-23278. The attack is only possible with local access. There is not any exploit available. Upgrading the affected component is advised.