430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Emergency fixes deployed by Google and Apple after targeted attacks

Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaign appears to involve nation-state […]

Apple Signal

Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users.

Apple and Google have both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaign appears to involve nation-state actors and commercial spyware vendors, with a focus on specific high‑value individuals rather than mass exploitation.

This week, Google patched several Chrome bugs, including one actively exploited in the wild. The flaw, found by Apple and Google researchers.

At first, Google didn’t share technical details because the investigation was ongoing. Later, they said the bug was found by both Apple’s security team and Google’s Threat Analysis Group, which tracks state-sponsored actors, and commercial spyware vendors. This indicates the flaw was likely used in a targeted espionage campaign, not just random cybercrime.

Apple released updates for iPhones, iPads, Macs, and more, fixing two WebKit flaws (CVE-2025-14174, CVE-2025-43529) likely exploited in targeted iOS 26 attacks.

“Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals on versions of iOS before iOS 26.” states the advisory.

Apple and Google did not provide further information on the attacks. 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, zero-day)