### Impact
A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the `known_hosts` file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet. In case the server that is being connected to has a trusted entry in the known_hosts file, then Fleet will correctly check the authenticity of the presented certificate. 

Please consult the associated  [MITRE ATT&CK - Technique - Adversary-in-the-Middle](https://attack.mitre.org/techniques/T1557/) for further information about this category of attack.

### Patches
Patched versions include releases `v0.10.12`, `v0.11.7` and `v0.12.2`.

The fix involves some key areas with the following changes:

- Git latest commit fetcher sources `known_hosts` entries from the following locations, in decreasing order of priority:
  1. Secret referenced in a `GitRepo`’s `clientSecretName` field;
  2. If no secret is referenced, in a `gitcredential` secret located in the `GitRepo`’s namespace;
  3. If that secret does not exist, in a (new) `known-hosts` config map installed by Fleet, populated statically with public entries shared by a few git providers: Github, Gitlab, Bitbucket, Azure DevOps;

- Git cloner: same as above.

- `fleet apply` command: same as above. The command reads entries from a `FLEET_KNOWN_HOSTS` environment variable. That command is typically run within a container inside a job pod created by Fleet to update bundles from a new commit. However, users may also decide to run it locally, perhaps even with multiple concurrent executions of the command on the same machine. To cater for this, `fleet apply` writes the contents of `FLEET_KNOWN_HOSTS`, if any, to a temporary file with a random name, and deletes that file once bundles have been created. This reduces the risk of conflicts between concurrent runs.
This happens regardless of the git repository URL (SSH or not), since a repository may reference artifacts to be retrieved using SSH anyway.

**Note about sourcing `known_hosts` entries:** if entries are found in a supported source, whatever that source may be, then those entries will be used. For instance, if wrong entries, or an incomplete set of entries (e.g. only BitBucket entries for a `GitRepo` pointing to Github) are found in a secret referenced in a `GitRepo`’s `clientSecretName` field, they will still be used. This will lead to errors if strict host key checks are enabled, even if matching, correct entries are found in another source with lower priority, such as the `known-hosts` config map. Fleet will not use one source to complement the other.

**Note: Fleet v0.9 release line does not have the fix for this CVE. The fix for v0.9 was considered too complex and with the risk of introducing instabilities right before this version goes into end-of-life (EOL), as documented in [SUSE’s Product Support Lifecycle](https://www.suse.com/lifecycle/#suse-rancher-prime) page. Please see the section below for workarounds or consider upgrading to a newer and patched version of Rancher.**

### Workarounds
There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Fleet that contains the fixes.

### References
If you have any questions or comments about this advisory:
- Reach out to the [SUSE Rancher Security team](https://github.com/rancher/rancher/security/policy) for security related inquiries.
- Open an issue in the [Rancher](https://github.com/rancher/rancher/issues/new/choose) repository.
- Verify with our [support matrix](https://www.suse.com/suse-rancher/support-matrix/all-supported-versions/) and [product support lifecycle](https://www.suse.com/lifecycle/).

**Impact**

A vulnerability has been identified within Fleet where, by default, Fleet will automatically trust a remote server’s certificate when connecting through SSH if the certificate isn’t set in the known_hosts file. This could allow the execution of a man-in-the-middle (MitM) attack against Fleet. In case the server that is being connected to has a trusted entry in the known\_hosts file, then Fleet will correctly check the authenticity of the presented certificate.

Please consult the associated MITRE ATT&CK - Technique - Adversary-in-the-Middle for further information about this category of attack.

**Patches**

Patched versions include releases v0.10.12, v0.11.7 and v0.12.2.

The fix involves some key areas with the following changes:

*   Git latest commit fetcher sources known_hosts entries from the following locations, in decreasing order of priority:
    
    1.  Secret referenced in a GitRepo’s clientSecretName field;
    2.  If no secret is referenced, in a gitcredential secret located in the GitRepo’s namespace;
    3.  If that secret does not exist, in a (new) known-hosts config map installed by Fleet, populated statically with public entries shared by a few git providers: Github, Gitlab, Bitbucket, Azure DevOps;
*   Git cloner: same as above.
    
*   fleet apply command: same as above. The command reads entries from a FLEET_KNOWN_HOSTS environment variable. That command is typically run within a container inside a job pod created by Fleet to update bundles from a new commit. However, users may also decide to run it locally, perhaps even with multiple concurrent executions of the command on the same machine. To cater for this, fleet apply writes the contents of FLEET_KNOWN_HOSTS, if any, to a temporary file with a random name, and deletes that file once bundles have been created. This reduces the risk of conflicts between concurrent runs.  
    This happens regardless of the git repository URL (SSH or not), since a repository may reference artifacts to be retrieved using SSH anyway.
    

**Note about sourcing known_hosts entries:** if entries are found in a supported source, whatever that source may be, then those entries will be used. For instance, if wrong entries, or an incomplete set of entries (e.g. only BitBucket entries for a GitRepo pointing to Github) are found in a secret referenced in a GitRepo’s clientSecretName field, they will still be used. This will lead to errors if strict host key checks are enabled, even if matching, correct entries are found in another source with lower priority, such as the known-hosts config map. Fleet will not use one source to complement the other.

**Note: Fleet v0.9 release line does not have the fix for this CVE. The fix for v0.9 was considered too complex and with the risk of introducing instabilities right before this version goes into end-of-life (EOL), as documented in SUSE’s Product Support Lifecycle page. Please see the section below for workarounds or consider upgrading to a newer and patched version of Rancher.**

**Workarounds**

There are no workarounds for this issue. Users are recommended to upgrade, as soon as possible, to a version of Fleet that contains the fixes.

**References**

If you have any questions or comments about this advisory:

*   Reach out to the SUSE Rancher Security team for security related inquiries.
*   Open an issue in the Rancher repository.
*   Verify with our support matrix and product support lifecycle.

**References**

*   GHSA-xgpc-q899-67p8
*   rancher/fleet#3571
*   rancher/fleet#3572
*   rancher/fleet#3573
*   https://github.com/rancher/fleet/releases/tag/v0.10.12
*   https://github.com/rancher/fleet/releases/tag/v0.11.7
*   https://github.com/rancher/fleet/releases/tag/v0.12.2

GHSA-xgpc-q899-67p8: Fleet doesn’t validate a server’s certificate when connecting through SSH

In this episode of Uncanny Valley, our hosts explain how to prepare for travel to and from the United States—and how to stay safe.

Protecting Your Phone—and Your Privacy—at the US Border

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update…

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update xrpl package to 4.2.5 or 2.14.3 immediately.

A serious security breach targeting users of the XRP Ledger has been uncovered by the Aikido Intel threat detection system. Aikido’s research reveals that it was a sophisticated supply chain attack that compromised the official xrpl Node Package Manager (NPM) package, a widely utilized software development kit (SDK) for interacting with the XRP Ledger.

This malicious infiltration resulted in the introduction of a backdoor designed to steal users’ private keys, granting attackers complete control over their cryptocurrency wallets. Suspicion was raised on April 21st at 20:53 GMT+0 when five newly released versions of the xrpl package on NPM, which has over 140,000 weekly downloads, contained malicious code that did not align with the official releases on GitHub.

The compromised versions were 4.2.4, 4.2.3, 4.2.2, 4.2.1, and 2.14.2 whereas the latest legitimate version on GitHub was 4.2.0 at the time of the attack. This discrepancy raised concerns.

“The fact that these packages showed up without a matching release on GitHub is very suspicious,” Aikido’s malware researcher Charlie Eriksen revealed in the blog post shared exclusively with Hackread.com.

Further probing revealed unusual code in the src/index.ts file of version 4.2.4 of rogue packages (tagged as the latest version), which had a harmless-looking function named checkValidityOfSeed, but it led to an HTTP POST request to an unfamiliar domain, 0x9cxyz. The domain’s registration information analysis indicated it was newly created, fuelling concerns about its legitimacy.

Source: Aikido

Digging deeper, researchers discovered that checkValidityOfSeed was being called within critical functions, including the constructor of the Wallet class in src/Wallet/index.ts. This allowed the malicious code to execute when a Wallet object was instantiated within an application using the compromised xrpl package, attempting to send the user’s private key (needed to access and manage a user’s XRP funds) to the attacker’s server.

This allowed the backdoor to steal private keys “as soon as a Wallet object is instantiated.”

Researchers also noted that attackers’ methods evolved. Initial malicious versions (4.2.1 and 4.2.2) showed different modifications compared to later compromised versions. The first versions introduced malicious code into built JavaScript files, removing scripts and prettier configurations (the settings and rules that govern how the Prettier code formatter automatically formats your code) from the package.json file. Versions 4.2.3 and 4.2.4 integrated the malicious code directly into the TypeScript source code, indicating a refinement in their approach to remain undetected.

Following the disclosure of this supply chain attack, the official xrpl team released two new, clean versions of the package: 4.2.5 and 2.14.3. Users are strongly encouraged to update to these secure versions immediately to mitigate any potential risk.

Researchers also highlighted that “any seed or private key that was processed by the code has been compromised,” and hence should be considered unusable. Any cryptocurrency assets associated with them should be immediately transferred to a new, secure wallet with a newly generated private key.

Backdoor Found in Official XRP Ledger NPM Package

A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.

Got an Android phone? Got a tap-to-pay card? Then you’re like millions of other users now at risk from a new form of cybercrime – malware that can read your credit or debit card and hand its data over to an attacker. A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data and send it to cybercriminals half a world away. All you have to do is install the software and tap your card to your phone – and criminals excel at persuading you to do just that.

The malware, which cybersecurity company Cleafy calls SuperCard X, uses a feature now found in most Android phones: near-field communication (NFC). This enables your phone to read the data on a supporting payment card when it comes close enough. It’s how tap-to-pay machines found in retailers and ATMs work their magic.

Attackers get the malicious software via a malware-as-a-service model. This enables them to become affiliates for the developers of the software, who typically offer it for a percentage of the attackers’ takings. They can then focus on finding and targeting victims with social engineering attacks, which Cleafy says they’ve been doing in Italy.

**How the attack works**

First the attackers have to get the malware onto someone’s Android phone. That starts with a fraudulent ‘smishing’ message sent via SMS or WhatsApp, often impersonating a bank and asking the user to call.

The telephone number connects the victim to the attacker, who then persuades them to give up their PIN and log into their bank account. From there, they persuade the victim to remove the spending limits on their card, and then to install what they claim is a security application, sent to their phone as a link. This contains the SuperCard X malware.

Finally comes the payoff. The attacker, who by now will likely have built up a rapport with the victim, will ask them to tap their card to their phone. The malware then captures the card details, which it then sends to the attacker’s own Android phone. They can then use the phone as a cloned card for contactless payments. If you’ve ever tapped your phone instead of your card to pay for something, you’ll know how easy that is to do.

**Where did SuperCard X come from?**

Like much malware, SuperCard X didn’t come out of nowhere. Cleafy says that it shares code with another piece of malware called NGate, discovered last year. Both of these are likely built on concepts first outlined in NFCGate, a freely available open-source NFC software tool developed by German’s Technical University of Darmstadt.

SuperCard X’s developers have focused on making this software as stealthy as possible. Most antivirus programs for Android fail to spot it, says Cleafy. That’s because it asks for as few privileges as possible on the phone, and it doesn’t include many of the features that other malware has. In short, the less that a malicious program does on a phone, the smaller its footprint is and the more silent it can be.

This malware is a cybercriminal’s favorite for several reasons. Rather than attacking people with accounts at a particular bank, it works against anyone with a payment card, increasing the attacker’s scope. It’s also instant, compared to thefts by wire transfer, which can take days to complete.

It is important to note that payment framework**s** like Google Pay, Apple Pay, Samsung Pay, and som b**a**nk-specific wallet apps  use dynamic cryptographic tokens — which are similar in concept to the “rolling codes” often used in car keyless entry systems — to prevent signal replay attacks.

**How to protect yourself**

But, as with many things, the best defense is you. In this case, protection is simple. The cybercriminals behind this attack can’t do anything unless you install the software on your phone, and so they go through several steps to convince you to do so.

Be skeptical of text messages from people you don’t know, especially those claiming to be urgent. Scammers typically try and panic you into a fast response. When they get you on the phone, they can befriend you, further impeding your ability to think critically and say “no”.

If you can’t help yourself and feel compelled to take action, check in with a trusted family member if available to get their perspective. If you’re still convinced, then at least verify the message first. Call your financial institution through an official number – not through the one in the text message. We’ll bet a steak dinner that they won’t know what you’re talking about.

Never give personal details to anyone you don’t know who contacts you via text message, and never change your banking details at their request. And if anyone asks you to install software sent via text message, refuse and end the communication.

**We don’t just report on phone security—we provide it**

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

 Android malware turns phones into malicious tap-to-pay machines 

Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in…

Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in social engineering scam.

A new cybercrime campaign called “Elusive Comet” is targeting professionals in the cryptocurrency space. But, instead of going after blockchain tech directly, the attackers are using Zoom’s remote-control features to gain access to targeted devices.

Cybersecurity firm Security Alliance (SEAL) broke down the details in a report published in March 2025. Security Alliance (SEAL) in March 2025.

The Elusive Comet campaign is a social engineering scam where cybercriminals impersonate legitimate figures to lure victims into Zoom meetings. They often use phishing emails or DMs on X to create a convincing scenario, posing as individuals wanting to interview the victim for a podcast or media feature by Aureon Capital, which claims to be a legitimate venture capital firm.

Once the victim accepts the Zoom invitation, the attackers manipulate their computer by requesting remote control access under the pretence of needing technical assistance or help with a presentation. They change their Zoom display name to “Zoom,” creating a false sense of trust.

Zoom remote-control request dialogue box showing Zoom as the requestor (Source: Trail of Bits)

For your information, Zoom’s remote-control feature is designed for accessibility and collaboration, allowing one participant to control another’s screen with explicit permission. When attackers gain remote control, they install malware onto the victim’s machine, often including infostealers and RATs (Remote Access Trojans), eventually obtaining unauthorized access to the compromised system, exfiltrating crucial information like cryptocurrency wallet credentials, personal data, and private keys.

The effectiveness of this attack is illustrated by the experience of Jake Gallen, CEO of Emblem Vault. Gallen lost over $100,000 in digital assets after falling victim to the Elusive Comet campaign. He agreed to a Zoom interview with a media personality and was granted remote control access following which “GOOPDATE” malware was installed, allowing the attacker to drain his cryptocurrency wallets.

> Working with @\_SEAL\_Org we were able to retrieve a malware file that was installed on my computer during a @Zoom call with a youtube personality of over 90k subs.
> 
> Below I will share details about that person, my experience, and this malicious software known as GOOPDATE ↓ https://t.co/xXoeSWLUXA
> 
> — jake (@jakegallen\_) April 14, 2025

Cybersecurity firm Trail of Bits also encountered the Elusive Comet campaign when their CEO received suspicious invitations to a fake “Bloomberg Crypto” series via Twitter. They identified the attackers’ refusal to communicate via email and the use of unofficial Calendly scheduling pages as key indicators of malicious intent.

SEAL highlighted similarities between these attacks and the notorious North Korean hacking collective Lazarus Group’s past operations but could not conclusively attribute the campaign to Lazarus.

SEAL and Trail of Bits recommend several mitigation strategies for cryptocurrency professionals to protect against cyberattacks. These include disabling Zoom’s Remote-Control feature by default and exercising extreme caution with unsolicited invitations.

Researchers also advise implementing strong authentication measures, considering alternative communication platforms like Google Meet, and restricting application controls over high-risk applications like Zoom by technically blocking remote control.

Max Gannon, Intelligence Manager at Cofense commented on the latest development, stating, “The malicious use of legitimate software is a growing trend we’ve continued to see in 2025. In this case, threat actors are leveraging legitimate Zoom and Calendly links to bypass security controls. As trusted domains, their use in this attack makes it more difficult to detect and block.”

Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto

Free up space on your iPhone fast. Learn 5 proven ways to clear storage, remove clutter, and manage photos, apps, and files with no gimmicks, just results.

If your iPhone feels cramped and storage alerts show up like it’s on a schedule, it’s probably time for a cleanup. Below, we’ll go over easy ways to quickly free up space on iPhone – and talk a bit about storage management in general. These aren’t gimmicks; they’re time-tested methods and tricks that work for anyone, whether you’re rocking an older iPhone or the latest model.

****How to Check What’s Eating Up Space****

The first thing on the checklist is to figure out what’s taking up all that space. Before you start deleting stuff blindly, open up Settings on your iPhone, tap General, and then hit iPhone Storage.

Give it a second to load – once it does, you’ll see a full breakdown: apps, photos, media, messages, system files, and that “Other” section that never quite explains itself. You can read what all those mean in the official iPhone guide – we won’t stop on this too long.

What matters right now is _where_ your space is going. If Photos is at the top? You’ll want to start there. If it’s giant apps like TikTok, Instagram, or games you haven’t touched in months – yep, those might be the real problem. You might even get some auto-suggestions right there in the menu, like “Offload Unused Apps” or “Review Large Attachments.” Take those seriously – they’re built into the system for a reason.

****How to Free Up Storage on iPhone****

Now, we’ll go through the most popular methods from the overall list of methods to free up space on an iPhone, step by step. We’ll start with Photos first, since for most people (and maybe for you), this is where storage goes to die.

****1\. Clean Up Your Photos****

You probably already know how to manually delete photos or videos from the Photos app. You just tap **_Select_**, choose what you don’t need, and hit the **trash icon**. Simple. But also… kinda miserable. That’s hours of scrolling and second-guessing.

So let’s skip the obvious and talk about faster ways to handle photo cleanup.

First, your iPhone actually has a Duplicates album baked into the Photos app. It can help you spot and merge exact photocopies – like when you AirDropped yourself the same shot twice or saved it from Messages. That can be useful… but there are a couple of catches.

1.  It only works with **exact** duplicates – so if the two photos look nearly identical but aren’t pixel-for-pixel twins, they won’t show up.
2.  It takes time. As a lot of folks pointed out on Reddit, your iPhone doesn’t flag duplicates instantly. You might have to wait a few hours (or days) for the indexing to finish before anything appears in that folder.
3.  Even when it _does_ work, it doesn’t always make a huge dent. A few exact copies here and there usually won’t free up gigabytes.

That’s why a lot of us end up turning to third-party tools that offer broader and faster ways to clean up photos. Special attention should go to AI-powered cleaners – these apps use actual machine learning to spot stuff your iPhone can’t. Not just copies, but _similar_ photos. Like ten shots of the same person blinking… and only one where their eyes are open.

One of the best apps we’ve used for this is Clever Cleaner: AI CleanUp App. It’s 100% free, smart, clean, and surprisingly good at figuring out what’s worth keeping.

**Here’s how to use it:**

1.  Download Clever Cleaner from the App Store.
2.  Open the app, go to Similars, and let it group your lookalike photos.
3.  Tap Smart Cleanup.
4.  The AI picks the best shots to keep. Like the selection? Slide to delete. Want to tweak it? Tap a group, pick a different best shot, or skip it.
5.  When you’re done, Hit Move to Trash, then Empty Trash to clear it all out.

It also flags Heavies (your largest files, sorted big to small – something the Photos app _can’t_ do), Screenshots (easy bulk delete), and Lives (lets you convert Live Photos to stills to save space).

After each cleanup, it shows how much space you saved – and reminds you to empty the Recently Deleted album to actually free up space on your iPhone.

****2\. Offload or Delete Unused Apps****

The next way to potentially clear _a lot_ of space on an iPhone is Apps. Especially the ones you haven’t opened in six months but somehow still take up 1.2 GB.

To find and quickly delete the biggest unused apps, do this:

1.  Open Settings.
2.  Tap General.
3.  Go to iPhone Storage.
4.  Wait for the list to load (apps are sorted by size, largest at the top).
5.  Tap any app you don’t use.

Next, you’ve got two options:

*   **Offload**. This deletes the app itself but keeps all your data. If you reinstall later, everything’s still there. Best for apps you _might_ use again.
*   **Delete**. This wipes the app and its data. Good for things you know you’re done with.

Pro tip: if you’re cool with iOS doing this automatically, turn on Offload Unused Apps in iPhone Storage. It silently trims unused apps when space runs low – and puts a little download icon on them so you can grab them back anytime.

****3\. Clear Safari Cache****

If you’ve been using Safari for a while – browsing, shopping, reading articles at 2 a.m. – there’s a good chance it’s been quietly stockpiling data in the background. Website history, cookies, cached images… it all adds up. You won’t see it in the Photos app or under “Media,” but it’s there.

It’s easy to clear it, and no, it _won’t_ delete your saved passwords or bookmarks. It’ll just wipe the behind-the-scenes junk.

**To do it:**

1.  Open Settings.
2.  Scroll down and tap Safari.
3.  Scroll again and tap Clear History and Website Data.
4.  Confirm when it asks.

That’s it. Safari gets a clean slate, and you get a bit more breathing room.

It’s also a good idea to clear the cache in other apps you use often. Safari isn’t the only one. Apps like Chrome, Firefox, Snapchat, WhatsApp, and most social media or browser apps all store cached data too. But, you won’t find those cache-clearing options in iPhone’s main Settings menu.

Each app handles it differently, usually tucked away in the app’s own settings. Some call it “Clear Cache,” others go with “Storage Management” or “Data Usage.” If you’re not sure where to look, check the app’s help guide or support page – there’s usually a quick step-by-step there.

And if you can’t find a clear option at all? Easy fix: delete and reinstall the app. It’s the fastest way to wipe the cache and start fresh. You’ll need to log back in, but you’d be surprised how much space that one move can save.

****4\. Delete Large Message Attachments****

Yes, all those photos, videos, voice notes, and memes you’ve sent and received over the years stay on your iPhone’s local storage. Every single one. Doesn’t matter if it’s from last week or three months ago – they’re still there.

Luckily, there’s a built-in way to review and clear this stuff (at least the biggest offenders) quickly. Here’s how to do it:

1.  Open Settings.
2.  Go to General > iPhone Storage.
3.  Scroll down and tap Messages.
4.  Under _Documents_, tap Review Large Attachments.
5.  You’ll see a list of the bulkiest files buried in your message threads.
6.  Tap Edit, select the ones you don’t need, and hit Delete.

That’s it. Quick and painless (and your conversations stay intact).

If you want to go even further, head to _Settings > Messages > Keep Messages_ and switch it to 30 Days. iOS will automatically toss older messages and their attachments without you lifting a finger.

If you don’t see Review Large Attachments, it means iOS didn’t flag anything big enough in the Messages app to show there – _or_ you simply haven’t accumulated much yet (good for you).

But that doesn’t mean you’re out of options.

You can still clear attachments manually within most messaging apps. Just like with cache, many apps have their own settings to manage storage and remove media files without deleting your entire chat history. This works for the built-in Messages app, and also for third-party apps like WhatsApp, Telegram, and others.

****5\. Remove Downloaded Files****

This one flies under the radar for a lot of people. You download a file – maybe a PDF, a video, a ZIP, or a random invoice – and forget all about it. But your iPhone doesn’t. It quietly saves that file in the **Files** app, or tucked inside whatever app you used to open it.

**Start with the Files app:**

1.  Open Files.
2.  Tap Browse at the bottom.
3.  Go to On My iPhone.
4.  Check folders like _Downloads_, _Documents_, or anything app-specific (Chrome, Acrobat, etc.)
5.  Long-press to delete anything you don’t need.

Then think about apps that save content offline. Netflix, Spotify, YouTube Premium, and even Podcasts – they all store downloaded files locally. You won’t see this storage in the Files app, but you can manage it inside each app’s settings. Look for things like Downloads, Offline Media, or Storage Usage. Some let you clear everything in one tap.

****Final Words****

These 5 methods to clear space on the iPhone we covered above are the same ones we’ve used countless times – and the ones we regularly recommend to others. They’re reliable, and efficient, and cover the main sources of clutter on nearly every device.

Some additional methods/features can help in specific cases:

*   You can activate Optimize iPhone Storage if you use iCloud, this keeps smaller, device-friendly versions of your photos and shifts the full-resolution ones to the cloud. It’s a simple toggle that can save a lot of space without deleting anything.

*   Voice Memos is another one to check. If you use the app often, long or forgotten recordings can quietly take up storage in the background. Clearing them out occasionally can free up more room than you’d expect.

But those are more situational. The five methods in our guide cover the must-dos. They work across devices, they’re easy to repeat, and they don’t require any technical know-how. A simple cleanup with these steps will give any iPhone more breathing room.

If you found these methods helpful, use the buttons below to share on Facebook or tweet it on X – someone else is probably dealing with the same storage headache right now.

How to Clear iPhone Storage

Lattica’s cloud-based solution uses Fully Homomorphic Encryption to query encrypted data on AI models without decrypting it, preserving privacy and bolstering security.

Lattica, an FHE-based platform enabling secure and private use of AI in the cloud, has emerged from stealth. The company is backed by Konstantin Lomashuk’s Cyber Fund, and Sandeep Nailwal, co-founder of Polygon Network and Sentient: The Open AGI Foundation, among others.

Lattica’s technology represents a critical new standard for industries such as healthcare, finance and government sectors, where data privacy and security concerns have limited AI adoption. According to Cisco’s 2025 AI Briefing: CEO Edition, 70% of CEOs surveyed admitted being concerned about the state of their networks due to the rising adoption of AI, with 34% citing security as a major barrier to adoption. 

Fully Homomorphic Encryption (FHE) – the “holy grail” of cryptography in the last decade – ensures all communication between AI providers and end users remains encrypted, without needing to decrypt it, but due to longstanding computational inefficiencies, FHE has yet to be widely adopted. By capitalizing on the latest breakthroughs in the AI acceleration stack, Lattica leverages advanced acceleration techniques to operationalize FHE. 

Led by founder and CEO, Dr. Rotem Tsabary, who holds a PhD in lattice-based cryptography from the Weizmann Institute of Science, Lattica takes advantage of the foundational mathematical similarities between FHE and machine learning to offer a hardware-agnostic, cloud-based platform that utilizes FHE to deliver secure and private use of AI.

A key differentiator powering Lattica’s solution is its Homomorphic Encryption Abstraction Layer (HEAL), which enhances FHE performance and standardizes its acceleration. A cloud-based service, HEAL serves as a universal bridge connecting FHE applications and AI algorithms across a diverse range of hardware including GPUs, TPUs and CPUs, as well as dedicated accelerators like ASICs and FPGAs.

“By combining the advancements of hardware acceleration with software-based optimization, we realized that not only could we improve FHE efficiency to the point of commercial viability, but use it to solve critical data dilemmas holding back AI’s adoption in sensitive industries,“ said Dr. Rotem Tsabary, founder and CEO of Lattica. “We’re enabling practical FHE by developing a solution that is tailor-made for neural networks.”

As part of its emergence from stealth, Lattica has made demos of the platform available on its website, alongside insights from an in-depth survey within the FHE community. Survey results validate Lattica’s approach, revealing that a majority (71%) of respondents believe FHE adoption will be achieved through a combination of hardware and software. 

“Lattica is pushing the boundaries of Fully Homomorphic Encryption, solving one of the most critical challenges in AI security,” said Konstantin Lomashuk, Managing Partner at Cyber Fund. “Cyber Fund is proud to have led Lattica’s pre-seed round. This is the kind of deep-tech innovation that defines the future, and we’re excited to see Lattica leading the way.”

Lattica’s focus on healthcare and finance further underscores the platform’s relevance, with potential applications in secure data analysis for medical research and encrypted financial transactions.

“Lattica’s product-first approach fundamentally transforms sensitive data processing in the AI ecosystem,” said Sandeep Nailwal, co-founder of Polygon Network and investor in Lattica. “Lattica has made FHE a reality that is both practical and scalable, as Tsabary and her research team is proving that advances in the machine learning stack can significantly boost the performance of FHE and have an immediate impact on the market.”

****About Lattica****

Lattica enables querying AI models with Fully Homomorphic Encryption, offering FHE as a hardware-agnostic, cloud-based service. The platform leads in scientific innovation by ensuring that user queries remain encrypted throughout the entire machine-learning inference process.

Lattica’s Homomorphic Encryption Abstraction Layer (HEAL) connects FHE applications, algorithm implementations, and diverse hardware backends, making secure AI computation as accessible as traditional cloud-based AI services. The company is headquartered in Tel Aviv.

Lattica Emerges from Stealth to Solve AI’s Biggest Privacy Challenge with FHE

Marks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and…

Marks & Spencer (M&S) cyberattack disrupts contactless payments and Click & Collect; investigation launched as retailer apologises and claims to boost cybersecurity measures.

British retailer Marks & Spencer (M&S), a company with over 140 years of history in food and clothing, experienced a major cybersecurity incident during the Easter break that disrupted some of its essential services.

This event impacted the ability of customers to make contactless payments in their stores and caused delays in the collection of online orders, known as the Click and Collect service. Many customers took to social media platforms to voice their frustrations regarding these issues.

Stuart Machin, the Chief Executive of M&S, issued an apology to customers, acknowledging the disruptions. He explained that the company had to implement temporary adjustments to their store operations as a protective measure for both their customers and the business itself. While the stores remained open and the M&S website and mobile application continued to function normally, the technical difficulties with contactless payments and Click and Collect caused considerable inconvenience.

Email sent by M&S

In response to this incident, M&S promptly engaged external cybersecurity specialists to conduct a thorough investigation and manage the situation effectively. The company also notified key regulatory bodies, including the Information Commissioner’s Office (ICO), the UK’s data protection authority, and the National Cyber Security Centre. An ICO spokesperson confirmed that they were aware of the incident and were in the process of assessing the information provided by M&S.

Furthermore, M&S assured its investors that they were taking proactive steps to enhance the security of their network and ensure the continuation of customer service. In their statement to the London Stock Exchange, M&S emphasized the paramount importance of customer trust and pledged to provide updates if the situation evolved. 

While M&S informed customers that they were actively working to resolve the “limited” delays affecting Click and Collect orders, some shoppers had reported issues even before the official announcement. These earlier complaints included difficulties using gift cards and vouchers within M&S stores. One customer described the situation as a “total failure for customers,” highlighting the lack of communication that could have prevented unnecessary trips to the stores.

The timeline of the incident indicates that while the main cyber incident impacting contactless payments and Click and Collect began on Monday, there was a separate technical problem affecting only contactless payments that occurred on the preceding Saturday. This suggests that M&S was dealing with technical difficulties throughout the weekend and it wasn’t the immediate aftermath of the main cyber incident.

Nevertheless, this incident follows a pattern of similar attacks on UK organizations in recent years. Transport for London had to shut down numerous online services after a cyberattack, Royal Mail faced severe disruptions to international mail services recently resulting in the attackers leaking 144GB of its internal files, and retailer WH Smith experienced a data breach compromising employee information.

James Hadley, Founder and Chief Innovation Officer, Immersive: “Breaches like M&S’s aren’t rare. While they communicated clearly and likely followed tested response plans, such attacks highlight the gap between perceived and actual cyber resilience. Regular cyber drills and realistic crisis simulations are vital for building real confidence and preparing teams to protect critical data in an increasingly high-risk environment.”

M&S Cyberattack Disrupts Contactless Payments and Click & Collect Services

Cisco Talos discovered a sophisticated attack on critical infrastructure by ToyMaker and Cactus, using the LAGTOY backdoor to orchestrate a relentless double extortion scheme.

Introducing ToyMaker, an Initial Access Broker working in cahoots with double extortion gangs

Following the death of Pope Francis, the Vatican is preparing to organize a new conclave in less than 20 days. This is how they’ll tamp down on leaks.

In 2005, cell phones were banned for the first time during the conclave, the process by which the Catholic Church elects its new pope. Twenty years later, after the death of Pope Francis, the election process is underway again. Authorities have two priorities: to protect the integrity of those attending the meeting, and to ensure that it proceeds in strict secrecy (under penalty of excommunication and imprisonment) until the final decision is made.

By 2025, the Gendarmerie corps guarding Vatican City faces unprecedented technological challenges compared to other conclaves. Among them are artificial intelligence systems, drones, military satellites, microscopic microphones, a misinformation epidemic, and a world permanently connected and informed through social media.

The conclave is scheduled to take place approximately 20 days after the pope's death. The Vatican and the Holy See are preparing for the arrival of the cardinals who will vote for the next leader of the Catholic faith. Emergency and control bodies are also working on it with state-of-the-art technology. So far, they have not shared details about their security arrangements, but they are not inexperienced in the task of safeguarding the integrity of high-profile figures in the face of today's technological risks.

In fact, the election in 2013 of Jorge Mario Bergoglio—the real name of Pope Francis—as supreme pontiff gives some indications of the rigorous security strategies that will be presented in the next conclave.

**Signal Jammers and Device Checks**

The Vatican has internet access, but within the areas where the cardinals will reside and vote for the new pope, there will be signal jammers. The technology prevents two devices from communicating with each other through radio frequency interference. The headquarters becomes an electronic bunker. Thus, if someone were to manage to introduce a microphone, telephone, or computer, they would be unable to transmit information.

However, the possibility of administrative staff or the cardinals themselves introducing technology is remote. Authorities inspect the building for days in search of unauthorized microphones or cameras, check every permitted attendee, and double-check participants.

**Privacy Film in the Windows**

Contemporary satellites are capable of taking pictures of people's faces from space, while AI can interpret lip movements. However, since there's currently no technology to see through walls with such high resolution, the best strategy against espionage in the conclave is to close doors and windows.

During meetings and in the sleeping quarters, voters are not allowed to look outside. In addition, before the cardinals arrive, Vatican staff place opaque film over windows so that no journalist, satellite, or drone can take pictures of the interior.

**Locked-Down Vatican**

The Vatican covers only 0.44 square kilometer in area. It is the smallest nation in the world. Until 2018, it had 650 cameras monitoring its streets from an underground command center. In addition, the Vatican City Gendarmerie, which functions as a conventional police force, and the Pontifical Swiss Guard, which acts as an army, are located within the territory. While in photographs they appear to be wearing antique costumes and carrying halberds, the latter group has highly trained personnel with heavy weapons, such as machine guns, rifles, and explosives.

An estimated 200,000 people are expected to be present in the small city-state once the conclave has determined the name of Pope Francis' successor.

_This story originally appeared on_ WIRED _en Español_ _and has been translated from Spanish._

Tag

#mac