🐛 NEW SECURITY CONTENT 🐛

💻 macOS Tahoe 26.3 - 57 bugs fixed
support.apple.com/en-us/126348
💻 macOS Sonoma 14.8.4 - 42 bugs fixed
support.apple.com/en-us/126350
📱 iOS and iPadOS 26.3 - 41 bugs fixed
support.apple.com/en-us/126346
📱 iOS and iPadOS 18.7.5 - 37 bugs fixed
support.apple.com/en-us/126347
💻 macOS Sequoia 15.7.4 - 36 bugs fixed
support.apple.com/en-us/126349
🥽 visionOS 26.3 - 29 bugs fixed
support.apple.com/en-us/126353
⌚ watchOS 26.3 - 18 bugs fixed
support.apple.com/en-us/126352
📺 tvOS 26.3 - 16 bugs fixed
support.apple.com/en-us/126351

#apple #cybersecurity #infosec #security #ios

They finally did it. Microsoft has successfully over-engineered a text editor into a threat vector.

This CVE is an 8.8 severity RCE in Notepad of all things lmao.

Apparently, the "innovation" of adding markdown support came with the ability of launching unverified protocols that load and execute remote files.

We have reached a point where the simple act of opening a .md file in a native utility can compromise your system. Is nothing safe anymore? 😭

msrc.microsoft.com/update-guid…

#noai #microslop #microsoft #windows #programming #writing #windows11 #enshittification #cybersecurity #infosec #technology

You can do the following to remove the scheduled task that executes the vulnerable AMDAutoUpdate:

1. Run cmd.exe as administrator

2. schtasks /delete /TN AMDAutoUpdate /F

This prevents the AMDAutoUpdate from executing.

#infosec #cybersecurity #amd #ryzenmaster

Apparently AMD's AutoUpdate downloads the updates over HTTP and executes them without any validation (presumably as SYSTEM user). AMD was notified of the vulnerability but according to them "attack requiring physical access to victim's computer/device, man in the middle or compromised user accounts" are out of scope.

Madness.

source: web.archive.org/web/2026020615…

#vulnerability #infosec #cybersecurity

GNU InetUtils telnetd Authentication Bypass Exploited in the Wild

A critical authentication bypass in GNU InetUtils telnetd (CVE-2026-24061) is actively exploited only days after the public reporting of the flaw. It's urgent that you block any telnet server you are using from the Internet.

**THIS IS URGENT! Check if you are using Telnet anywhere in your network. IMMEDIATELY isolate the Telnet interface to trusted networks and patch the code. Then stop using Telnet and switch to SSH.**
#cybersecurity #infosec #attack #activeexploit
beyondmachines.net/event_detai…

GNU InetUtils telnetd Authentication Bypass Exploited in the Wild

^{BeyondMachines}

If you use #GMAIL, you should be aware that as of this post's timestamp, their spam detection is down and it is likely your emails aren't being scanned for spam, unverified senders, or harmful software.

"We are aware that some Gmail users are experiencing misclassification of emails in their inbox and additional spam warnings. We are actively working to resolve the issue. As always, we encourage users to follow standard best practices when engaging with messages from unknown senders."

"We advise the users to be extra diligent in lieu of missing spam checks." #Spam #Google #InfoSec #Security #Phishing

Google Status:
google.com/appsstatus/dashboar…

Let’s be honest, Ring was already some technocratic, dystopian BS, but if you needed a reason to finally, finally kill it with fire, here’s your reason: Ring is partnering with Flock to help ICE spy on you and your neighbors for the government 👀

#Technology #InfoSec
techcrunch.com/2025/10/16/amaz…

Amazon's Ring to partner with Flock, a network of AI cameras used by ICE, feds, and police | TechCrunch

Agencies that use Flock can request that Ring doorbell users share footage to help with "evidence collection and investigative work."

^{Amanda Silberling (TechCrunch)}