Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks

July 1, 2024 at 01:18PM

Security flaws in CocoaPods were discovered, allowing attackers to hijack and insert malicious code into popular iOS and macOS applications, posing serious supply chain risks. The vulnerabilities were patched in October 2023, but the issues stemmed from a 2014 migration, leading to unclaimed pods and flawed verification processes. Downstream customers …

Third-Party ChatGPT Plugins Could Lead to Account Takeovers

March 15, 2024 at 08:15AM

Third-party plugins for OpenAI ChatGPT pose a security risk, allowing attackers to gain unauthorized access to sensitive data. Vulnerabilities in ChatGPT and its ecosystem enable the installation of malicious plugins without consent, potentially leading to hijacked accounts on third-party websites. Additionally, a side-channel attack method has been discovered, which can …

‘Operation Triangulation’ Spyware Attackers Bypass iPhone Memory Protections

December 29, 2023 at 11:21AM

The “Operation Triangulation” spyware attack bypassed iPhone memory protections using undocumented Apple chip functions and multiple vulnerabilities. The zero-click campaign targeted iMessage, exploited an RCE vulnerability, and used intricate, multi-stage attacks to gain privileged access and install spyware, presenting an unprecedented level of sophistication in iPhone cyber threats. Kaspersky recommends …