Apple announces a “major evolution” of the Apple Security Bounty program, doubling its top award to $2M for exploit chains that could be abused for spyware
$2M Top Payout; Usman Qureshi / iPhone in Canada: Apple Doubles Security Bounty Rewards to $2 Million; Bill Toulas / BleepingComputer: Apple now offers $2 million for zero-click RCE vulnerabilities; Ti...
Researchers detail a now-fixed flaw in Perplexity's Comet AI browser that let an attacker use an indirect prompt injection to manipulate it into taking actions
Brave and Guardio's security audits call out paid AI browser; Victor Tangermann / Futurism: Using an AI Browser Lets Hackers Drain Your Bank Account Just by Showing You a Public Reddit Post; Marcus Sch...
A Citizen Lab report finds that two European journalists had their iPhones hacked with Paragon spyware; Apple fixed the zero-day used in the spyware in February
Act Now To Prevent Attacks; Markus Kasanmascheff / WinBuzzer: Apple Confirms iPhone Flaw Was Used to Spy on Journalists; Kevin Poireault / Infosecurity: European Journalists Targeted by Paragon Spywar...
Researchers say a Next.js flaw that existed for several years could have let hackers bypass middleware-based authentication; Vercel patched the flaw on March 18
Next.js version 15.2.3 has been released to address a security vulnerability (CVE-2025-29927). zhero_web_security: Next.js and the corrupt middleware: the authorizing artifact; National Vulnerability ...
A Telegram for Android zero-day, patched on July 11, let attackers send malicious Android APK payloads as video files; the exploit was for sale from June 6
Bill Toulas / BleepingComputer :
AT&T says it will begin notifying consumers about a data breach where cybercriminals stole phone records of “nearly all” of its cellular and landline customers
Item 1.05 Material Cybersecurity Incidents. On April 19, 2024, AT&T Inc. …; AT&T: AT&T Addresses Illegal Download of Customer Data; CNN: Nearly all AT&T cell customers' call and text records exposed ...
Infosys McCamish Systems, which provides consulting, IT, and outsourcing services, says LockBit stole sensitive info of 6M+ people in a 2023 ransomware attack
Bill Toulas / BleepingComputer :
Europol says police in Germany, the UK, the US, and others took down botnets spreading ransomware via infected emails, arrested four, and seized 2,000+ domains
International law enforcement and partners have joined forces. Europol: Largest ever operation against botnets hits dropper malware ecosystem; Bill Toulas / BleepingComputer: Police seize over 100 ma...
Lumen details how malware bricked 600K+ routers connected to an autonomous system number belonging to a US ISP in October 2023; the ISP seems to be Windstream
Executive Summary — Lumen Technologies' Black Lotus Labs identified …; Christopher Bing / Reuters: Hundreds of thousands of US internet routers destroyed in newly discovered 2023 hack; Pierluigi Paga...
The UK and South Korea warn that the North Korean Lazarus hacking group is using a zero-day in the authentication software MagicLine4NX for supply-chain attacks
Bill Toulas / BleepingComputer :