#ios

A new extra-secure mode for Android 16 will let at-risk users lock their devices down.

How do you profile actors and defend your systems when multiple threat actors are working together? In Part 2, Cisco Talos proposes an extended Diamond Model to analyze complex relationships between attackers.

Roblox hit with class action over alleged secret tracking of kids’ data; lawsuit claims privacy law violations and…

A list of topics we covered in the week of May 4 to May 10 of 2025

Google announced it will equip Chrome with an AI driven method to detect and block Tech Support Scam websites

Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenarios where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.

We're rolling out a brand new feature in Malwarebytes for iOS: the ability to block Google sponsored ads directly on Safari.

Meta has won almost $170m in damages from Israel-based NSO Group, maker of the Pegasus spyware.

Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an

### Impact #### Mithril certification of Cardano database The Mithril network provides certification for snapshots of the Cardano database, enabling users to quickly bootstrap a Cardano node without relying on the slower peer-to-peer synchronization process. To generate a multi-signature, a minimum threshold of Cardano stake registered in the protocol must agree on signing the same message. In this context, a digest is computed from the internal files of the Cardano node's database. However, this mechanism has certain limitations. Specifically, some files are not identically generated across all Cardano nodes, and there is no API to provide consistent snapshots at a specific beacon on the Cardano chain: - All immutable files, except the last one (which is still being created), are used to compute the message - The last immutable file is excluded from the signature - The ledger state files are also excluded from the signature. #### Cardano node startup sequence A Cardano node can ...