API Security
Cisco Zero-Day: As Bad as it Gets — and No Fix 4 Weeks in
Keeping us in suspense—It doesn’t get worse than this: CVE-2023-20198 is CVSS=10 ...
Google Pushes ‘Passkeys’ Plan — but it’s Too Soon for Mass Rollout
FIDO FAIL: “Killing passwords” is a worthy goal—but is coercion the best way? ...
iPhone/iPad Warning: Update Now to Avoid Zero-Day Pain
Apple’s embarrassing regression: iOS 17.0.3 fixes yet more nasty zero-days (and the overheating bug) ...
Broken ARM: Mali Malware Pwns Phones
Exploited in the wild: Yet more use-after-free vulns in Arm’s Mali GPU driver ...
China-Backed Hacks of Cisco Routers Worry Feds — BlackTech Revenge?
TTP: IOS EEM CLI BBQ LOL—FBI, NSA, CISA join Japan’s NISC to warn of espionage group linked to Chinese Communist Party ...
More iOS Zero-Days, More Mercenary Spyware — This Time: Cytrox Predator
Apple Scrambled to Fix 3 More CVEs: Egyptian opposition presidential candidate Ahmed Eltantawy targeted “by the government ...
Patch EVERYTHING: Widely Used ‘WebP’ Code has Critical Bug
WebP FAIL. Critical vuln in libwebp: Go get updates to Chrome, Firefox, Edge, Slack and more ...
API Security’s Role in Protecting Retail Cloud Apps
Protection from API security threats is crucial, especially for retail companies that hold sensitive customer and financial data ...
‘BLASTPASS’ iPhone Exploit — Apple Asleep at the Switch
Zero click, zero day, zero clue: Yet another iOS zero-day lets NSO’s Pegasus “mercenary spyware” cause chaos ...
Google Kills 3rd-Party Cookies — but Monopolizes AdTech
Firefox looking good right now: “Privacy Sandbox” criticized as a proprietary, hypocritical, anti-competitive, self-serving contradiction ...