Apple has released security updates for more than two dozen security vulnerabilities across iPhone, iPad, and Mac.
The updates for iOS/iPadOS, MacOS Tahoe, and Safari were issued after testing on iOS 26.6 and iPadOS 26.6 betas.
What stands out in the update is that a lot of the vulnerabilities were found in WebKit, the browser engine that powers Safari as well as every browser on iPhone, including Chrome, Firefox, and Edge. It also looks like several of the issues Apple has addressed can be chained together to steal data or run malicious code with little or no user interaction.
Read more…
Source: MalwareBytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Patch Tuesday – February 2026
February 11, 2026
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today’s vulnerabilities, and notes public disclosure for three of those. Earlier in the month, All three of the publicly disclosed zero-day vulnerabilities published today are security feature bypasses, and Microsoft acknowledges the same cast of ...
- Russia-linked APT28 attackers already abusing new Microsoft Office zero-day
February 2, 2026
Russia-linked attackers are already exploiting Microsoft’s latest Office zero-day, with Ukraine’s national cyber defense team warning that the same bug is being used to target government agencies inside the country and organizations across the EU. In an alert published on Sunday, CERT-UA says the activity is being driven by UAC-0001, better known as “APT28” or “Fancy ...
- Ivanti patched two critical zero-day vulnerabilities in EPMM
January 30, 2026
Ivanti has patched two critical zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) product that are already being exploited, continuing a grim run of January security incidents for enterprise IT vendors. In January 2025, tens of thousands were urged to patch a Fortinet zero-day, while Ivanti customers were doing the same. There has been little change ...
- Fortinet admits FortiGate SSO bug still exploitable despite December patch
January 23, 2026
Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date. In a new advisory, Fortinet said it had identified a fresh attack path being used to abuse SAML-based SSO in FortiOS, even on systems ...
- VMware vCenter Server bug fixed in 2024 under attack today
January 23, 2026
You’ve got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw. The vulnerability, tracked as CVE-2024-37079, is an out-of-bounds write flaw in vCenter Server’s implementation of the DCERPC protocol that earned a 9.8 out of 10 CVSS rating. In other ...
- Cisco has finally patched a maximum-level security issue
January 16, 2026
A maximum-severity vulnerability in certain Cisco products has finally been addressed after allegedly being exploited by Chinese hackers for several weeks. In mid-December 2025, the networking giant disclosed a remote code execution (RCE) vulnerability in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. It tracked the flaw as CVE-2025-20393 ...

