Most iPhone owners have hopefully learned to manage app permissions by now, including allowing location access. But there’s another layer of location tracking that operates outside these controls. Your cellular carrier has been collecting your location data all along, and until now, there was nothing you could do about it.
Apple just changed this in iOS 26.3 with a new setting called “limit precise location.”
Read more…
Source: Malwarebytes Labs
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- CISA: Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858
January 28, 2026
Newly disclosed vulnerability Common Vulnerabilities and Exposures (CVE)-2026-24858 allows malicious actors with a FortiCloud account and a registered device to log in to separate devices registered to other users in FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer, if FortiCloud single sign on (SSO) is ...
- No Agency Is Too Small
January 28, 2026
Back when nation-state threat actors were primarily targeting large government agencies, government contractors, and large companies, security through obscurity was a legitimate strategy. In years past, betting that attackers wouldn’t bother with smaller targets was a feasible way of operating. It’s feasible no longer. Hackers are better equipped than ever before, thanks in part to artificial ...
- Fortinet admits FortiGate SSO bug still exploitable despite December patch
January 23, 2026
Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date. In a new advisory, Fortinet said it had identified a fresh attack path being used to abuse SAML-based SSO in FortiOS, even on systems ...
- VMware vCenter Server bug fixed in 2024 under attack today
January 23, 2026
You’ve got to keep your software updated. Some unknown miscreants are exploiting a critical VMware vCenter Server bug more than a year after Broadcom patched the flaw. The vulnerability, tracked as CVE-2024-37079, is an out-of-bounds write flaw in vCenter Server’s implementation of the DCERPC protocol that earned a 9.8 out of 10 CVSS rating. In other ...
- Prioritising post-quantum cryptography migration activities in financial services
January 21, 2026
As post-quantum cryptography (PQC) becomes integrated into mainstream information technology (IT) products and services, financial services institutions must begin to execute their transition strategies. This document provides actionable guidelines to incorporate quantum safety into existing risk management frameworks by assessing the ‘Migration Priority’ based on the ‘Quantum Risk’ and ‘Migration Time’ of business use cases and ...
- Newely discovered AMD CPU flaw highlights the risk of running multiple VMs
January 16, 2026
A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines. Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating ...