Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Siri Bug Enables Data Theft on Locked Apple Devices

Malicious actors could potentially exploit this vulnerability if they gain physical access to a user's device.

DARKReading
Open in Source
#vulnerability#ios#mac#apple#git#auth
GHSA-hx9v-6r9f-w677: Insecure Jinja2 templates rendered in Haystack Components can lead to RCE

### Impact Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. ### Patches The problem has been fixed with PRs deepset-ai/haystack#8095 and deepset-ai/haystack#8096. Both have been released with Haystack `2.3.1`. ### Workarounds Prevent users from running the affected Components, or only let users use preselected templates. ### References The list of impacted Components can be found in the release notes for `2.3.1`. https://github.com/deepset-ai/haystack/releases/tag/v2.3.1

Would Making Ransom Payments Illegal Result in Fewer Attacks?

If paying a ransom is prohibited, organizations won't do it — eliminating the incentive for cybercriminals. Problem solved, it seems. Or is it?

North Korea-Linked Malware Targets Developers on Windows, Linux, and macOS

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an

Apple fixes Siri vulnerabilities that could have allowed sensitive data theft from locked device. Update now!

Apple has released security updates that patch vulnerabilities in Siri and VoiceOver that could be used to access sensitive user data.

How To Get the Most From Your Security Team’s Email Alert Budget

We’ll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we’re all struggling to keep security teams fully staffed.  Given that reality, security teams need to be able to monitor and respond to threats

Can GPT-4o Be Trusted With Your Private Data?

OpenAI’s newest model is “a data hoover on steroids,” says one expert—but there are still ways to use it while minimizing risk.

A Senate Bill Would Radically Improve Voting Machine Security

This year’s Intelligence Authorization Act would mandate penetration testing for federally certified voting machines and allow independent researchers to work on exposing vulnerabilities.