Security news.
Today's security landscape is marked by active exploitation of critical vulnerabilities, supply chain attacks targeting developers, and state-sponsored campaigns. CISA has added a critical F5 BIG-IP APM flaw to its KEV catalog, while Apple is alerting users to active web-based exploits targeting outdated iOS versions.
CISA Adds F5 BIG-IP APM RCE to KEV
CISA has added CVE-2025-53521 (CVSS 9.3), a critical remote code execution vulnerability in F5 BIG-IP Access Policy Manager (APM), to its Known Exploited Vulnerabilities catalog due to active exploitation.
Citrix NetScaler Under Active Reconnaissance for CVE-2026-3055
A critical memory overread bug, CVE-2026-3055 (CVSS 9.3), affecting Citrix NetScaler ADC and NetScaler Gateway is experiencing active reconnaissance, potentially leading to sensitive information disclosure.
Apple Alerts Outdated iPhones to Active Web-Based Exploits
Apple is issuing Lock Screen notifications to users with older iOS/iPadOS versions, urging them to update due to active web-based attacks targeting their devices.
Malicious Telnyx PyPI Package Hides Stealer in WAV Files
TeamPCP compromised the Telnyx Python package on PyPI, uploading malicious versions (4.87.1 and 4.87.2) that conceal credential-stealing malware within WAV audio files.
TA446 Deploys DarkSword iOS Exploit Kit in Spear-Phishing
The Russian state-sponsored threat group TA446 (Callisto, Seaborgium) is leveraging the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices.
Cloudflare-Themed ClickFix Attack Drops Infiniti Stealer on Macs
A new attack chain, dubbed "ClickFix," uses fake CAPTCHA pages and a Nuitka loader to deploy the Python-based Infiniti stealer on macOS systems.
Fake VS Code Alerts on GitHub Spread Malware
A widespread campaign is targeting developers on GitHub with fraudulent Visual Studio Code security alerts in project discussions, tricking them into downloading malware.
European Commission Investigating Amazon Cloud Account Hack
The European Commission is probing a security breach after an attacker gained unauthorized access to its Amazon cloud environment.