This week's security updates reveal new phishing campaigns, vulnerabilities in AI sandboxing, and flaws in Apple's email privacy service. These issues indicate pervasive weaknesses in various systems and could lead to increased risk for small businesses and users of affected services.
A phishing campaign is targeting small businesses globally, including Europe and the U.S., using fake investigation emails posing as law enforcement. The emails entice recipients to open a password-protected archive, which contains a custom ransomware payload.
This attack highlights vulnerabilities in email communication and the risks posed by social engineering tactics.
Research from Armadin uncovered a root escape vulnerability in Claude Cowork on Windows. This exploits local code execution to implant malicious files, allowing attackers to run commands as root within the application's sandbox without network restrictions.
The discovery demonstrates serious flaws in the sandbox architecture, which could allow sensitive data exfiltration if local code execution is achieved.
A vulnerability affecting Apple's Hide My Email service has been disclosed, allowing attackers to unmask users' real email addresses. The flaw has not yet been patched, despite being reported over a year ago, raising concerns about user privacy.
The researcher found that during tests, 100% of Hide My Email addresses were found to be exploitable, reflecting potential risks for users relying on Apple's privacy features.
These recent security threats across various systems underline the importance of rigorous security measures and prompt patching of vulnerabilities. Businesses and users should remain vigilant against phishing and other cyber threats, while service providers need to prioritize security improvements.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
This week's security updates reveal new phishing campaigns, vulnerabilities in AI sandboxing, and flaws in Apple's email privacy service. These issues indicate pervasive weaknesses in various systems and could lead to increased risk for small businesses and users of affected services.