Security news.
Today's security landscape is marked by significant state-sponsored activity, with Iran-linked hackers breaching an FBI director's personal email and deploying wiper attacks. Additionally, CISA has added a critical F5 BIG-IP APM vulnerability to its KEV catalog due to active exploitation, underscoring the ongoing threat from known flaws.
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors tied to Iran's Handala Hack Team breached the personal email of FBI Director Kash Patel, leaking documents, and also claimed a wiper attack against medical technology firm Stryker.
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
CISA has added a critical F5 BIG-IP Access Policy Manager (APM) vulnerability, CVE-2025-53521 (CVSS 9.3), to its Known Exploited Vulnerabilities catalog due to evidence of active exploitation that could lead to remote code execution.
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A critical memory overread flaw, CVE-2026-3055, affecting Citrix NetScaler ADC and NetScaler Gateway is experiencing active reconnaissance, posing a risk of sensitive information leakage.
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
The Russian state-sponsored group TA446 (Callisto) is leveraging the DarkSword exploit kit in targeted spear-phishing campaigns to compromise iOS devices.
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware, Infinity Stealer, is targeting macOS users through Cloudflare-themed ClickFix lures, using a Python payload packaged with Nuitka.
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on PyPI, distributing malicious versions that conceal credential-stealing malware within WAV audio files.
Apple Sends Lock Screen Alerts to Outdated iPhones Over Active Web-Based Exploits
Apple is issuing Lock Screen notifications to users of older iOS/iPadOS versions, urging them to update due to active web-based attacks targeting outdated software.
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code security alerts in project discussions, tricking them into downloading malware.