Security researchers Paradigm Shift have discovered a vulnerability in older iPhone and Apple Watch models which can be used to jailbreak the devices. What makes this vulnerability special is the fact that there is no fix for it – the only way to really be secure is to replace the device with a newer model.
The good news is that exploiting the flaw isn’t that simple. It cannot be done remotely since the attacker needs to have physical access to the device, and needs to hook it up to a Raspberry Pi.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
September 30, 2025
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple other industries. SharePoint remains a widely deployed collaboration platform in federal, state, and local agencies, resulting ...
- Broadcom Releases Security Updates for VMware Aria Operations, Tools, and Cloud Foundation
September 30, 2025
Broadcom has released security updates to address vulnerabilities in VMware Aria Operations, Tools, and Cloud Foundation components of VMware products. The updates address 2 high severity and 1 medium severity vulnerabilities. CVE-2025-41244 – “Privilege defined with unsafe actions” vulnerability – CVSSv3 score of 7.8 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber ...
- ‘Widespread’ breach let hackers steal employee data from FEMA and CBP
September 29, 2025
A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen ...
- SVG Phishing hits Ukraine with Amatera Stealer, PureMiner
September 26, 2025
FortiGuard Labs recently observed a phishing campaign designed to impersonate Ukrainian government agencies and deliver additional malware to targeted systems. The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments. When opened, the SVG initiates the download of a password-protected archive that contains a Compiled HTML Help (CHM) ...
- India: Thousands of bank transfer records found spilling online after security lapse
September 26, 2025
A data spill from an unsecured cloud server has exposed hundreds of thousands of sensitive bank transfer documents in India, revealing account numbers, transaction figures, and individuals’ contact details. Researchers at cybersecurity firm UpGuard discovered in late August a publicly accessible Amazon-hosted storage server containing 273,000 PDF documents relating to bank transfers of Indian customers. Read more… Source: ...
- XCSSET evolves again: Analyzing the latest updates to XCSSET’s inventory
September 25, 2025
Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in our March 2025 blog post. The XCSSET malware is designed to infect Xcode projects, typically used by software developers, and run while an Xcode project is being built. We assess that this mode ...