Security news.
Today's security landscape highlights critical vulnerabilities and state-sponsored threats. CISA has added a new F5 BIG-IP APM flaw to its KEV catalog due to active exploitation, while Iranian-linked hackers claim a breach of an FBI director's personal email and a wiper attack on Stryker. macOS users are also targeted by a new info-stealing malware.
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran, specifically Handala Hack Team, claim to have breached the personal email of FBI Director Kash Patel and launched a wiper attack against medical technology company Stryker.
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
CISA has added a critical F5 BIG-IP Access Policy Manager (APM) vulnerability, CVE-2025-53521 (CVSS 9.3), to its Known Exploited Vulnerabilities catalog due to active exploitation leading to remote code execution.
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A critical memory overread flaw, CVE-2026-3055 (CVSS 9.3), affecting Citrix NetScaler ADC and Gateway is currently experiencing active reconnaissance, potentially allowing sensitive information leakage.
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
The Russian state-sponsored threat group TA446 (Callisto, Seaborgium) is leveraging the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices.
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware, Infinity Stealer, is targeting macOS systems through Cloudflare-themed ClickFix lures, delivering a Python payload to steal sensitive data.
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is issuing Lock Screen notifications to users with outdated iOS/iPadOS versions, urging them to update due to active web-based attacks targeting older software.
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index (PyPI), distributing malicious versions that conceal credential-stealing malware within WAV audio files.
Fake VS Code alerts on GitHub spread malware to developers
A widespread campaign is targeting developers on GitHub with fake Visual Studio Code security alerts in project discussions, tricking them into downloading malware.