#ios

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added three security flaws, each impacting AMI MegaRAC, D-Link DIR-859 router, and Fortinet FortiOS, to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-54085 (CVSS score: 10.0) - An authentication bypass by spoofing

Kaspersky uncovers SparkKitty, new spyware in Apple App Store & Google Play. Steals photos, targets crypto info, active since early 2024 via malicious apps.

The U.S. House of Representatives has formally banned congressional staff members from using WhatsApp on government-issued devices, citing security concerns. The development was first reported by Axios. The decision, according to the House Chief Administrative Officer (CAO), was motivated by worries about the app's security. "The Office of Cybersecurity has deemed WhatsApp a high-risk to users

The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploited a critical Cisco IOS XE software (CVE-2023-20198, CVSS score: 10.0) to access configuration

Like its predecessor, SparkCat, the new malware appears to be going after sensitive data — such as seed phrases for cryptocurrency wallets — in device photo galleries.

Meta Platforms on Wednesday announced that it's adding support for passkeys, the next-generation password standard, on Facebook. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post. Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. The feature is

Learn how the North Korean-aligned Famous Chollima is using the a new Python-based RAT, "PylangGhost," to target cryptocurrency and blockchain jobseekers in a campaign affecting users primarily in India.

WhatsApp has announced it will start showing its users targeted ads. Will this be yet another Meta "Pay or OK" choice?

Consider this: Berkshire Hathaway, Warren Buffett’s $700 billion conglomerate, operates one of the most influential investor websites on…

## Summary pycares is vulnerable to a use-after-free condition that occurs when a Channel object is garbage collected while DNS queries are still pending. This results in a fatal Python error and interpreter crash. ## Details ### Root Cause The vulnerability stems from improper handling of callback references when the Channel object is destroyed: 1. When a DNS query is initiated, pycares stores a callback reference using `ffi.new_handle()` 2. If the Channel object is garbage collected while queries are pending, the callback references become invalid 3. When c-ares attempts to invoke the callback, it accesses freed memory, causing a fatal error This issue was much more likely to occur when using `event_thread=True` but could happen without it under the right circumstances. ### Technical Details The core issue is a race condition between Python's garbage collector and c-ares's callback execution: 1. When `__del__` is called from within a c-ares callback context, we cannot immedi...