Apple Bug Bounty Adds Bonus for Lockdown Bypass Finds
Apple has expanded its bug bounty program to reward researchers up to $2 million for zero-click exploit chains. Bonuses for Lockdown Mode bypasses and beta findings may push payouts even higher.
The Tor network is replacing its legacy relay encryption with Counter Galois Onion (CGO), a research-backed design that hardens Tor against tagging attacks, tampering and modern cryptanalytic threats. This analysis explains how Tor Galois onion encryption works, what changes for users and relay operators, and why it matters for long-term anonymity.
Belgian chains such as Brico and Carrefour are increasingly playing AI-generated, royalty-free music in their stores to cut licensing costs. This shift could slash 25–28% of public performance income for local artists, warn rights organizations. Here’s how the technology works, the risks it raises, and what defenses stakeholders must consider.
Researchers documented CVSS 8.9 command injection in three official Claude Desktop extensions: Chrome, iMessage, and Apple Notes. Because those connectors built AppleScript commands with unescaped user input, prompt injection could pivot from web content to local shell execution on macOS. Anthropic patched the issues. This analysis explains the exploit chain, the fixes, and the validation steps security teams should run to keep MCP servers safe.
F5 guided first-quarter revenue below expectations as customers extend risk reviews after a breach. Demand remains, yet sales cycles lengthen while teams validate exposure and remediation.
Hackers posing as Medusa agents tried to lure BBC’s Joe Tidy into facilitating a cyberattack, offering him 15–25% of ransom payouts in exchange for his laptop’s access to the network.
Five facilitators admitted to helping North Korean remote IT workers infiltrate 136 US companies through stolen identities and “laptop farms,” sending more than $2.2 million back to the regime and exposing hidden risks in everyday hiring pipelines.
A critical vulnerability in LangChain Core exposes AI-powered applications to manipulation of execution logic and unsafe workflow behavior, reinforcing the urgent need for stronger security controls in AI orchestration frameworks.
Set up Google Workspace the right way: one SPF with include:_spf.google.com, a 2048-bit DKIM key at google._domainkey, and a strict, report-ready DMARC policy with alignment. Start at p=none to discover stray senders, then ramp to quarantine and reject. Verification steps and copy-paste examples included.
The U.S. Justice Department indicted a Ukrainian national for her role in Russia-backed cyberattacks targeting critical infrastructure — a move highlighting the resurgence of politically motivated malware campaigns against essential services.