Apple’s secret is out: 3 zero-days fixed, so be sure to patch now!

All Apple users have zero-days that need patching, though some have more zero-days than others.

S3 Ep133: Apple takes “tight-lipped” to a whole new level

Entertaining, educational, and all in plain English 🎧📖

Mac malware-for-hire steals passwords and cryptocoins, sends “crime logs” via Telegram

These malware peddlers are specifically going after Mac users. The hint's in the name: "Atomic macOS Stealer", or AMOS for short.

Apple issues emergency patches for spyware-style 0-day exploits – update now!

A bug to hack your browser, then a bug to pwn the kernel... reported from the wild by Amnesty International.

Apple patches everything, including a zero-day fix for iOS 15 users

Got an older iPhone that can't run iOS 16? You've got a zero-day to deal with! That super-cool Studio Display monitor needs patching, too.

Serious Security: The Samba logon bug caused by outdated crypto

Enjoy our Serious Security deep dive into this real-world example of why cryptographic agility is important!

Apple patches are out – old iPhones get an old zero-day fix at last!

Don't delay, especially if you're still running an iOS 12 device... please do it today!

Serious Security: How to improve cryptography, resist supply chain attacks, and handle data breaches

Lessons for us all: improve cryptography, fight cybercrime, own your supply chain... and don't steal my data and then pretend you're sorry.

PyTorch: Machine Learning toolkit pwned from Christmas to New Year

The bad news: the crooks have your SSH private keys. The good news: only users of the "nightly" build were affected.

S3 Ep115: True crime stories – A day in the life of a cybercrime fighter [Audio + Text]

Listen now - you'll be alarmed, amused and educated, all in equal measure. (Full transcript in article.)

Microsoft dishes the dirt on Apple’s “Achilles heel” shortly after fixing similar Windows bug

It happens to the best of us: Microsoft highlights a security bypass bug on Macs that is curiously similar to a recent Windows 0-day.

Apple megaupdate: Ventura out, iOS and iPad kernel zero-day – act now!

Ventura hits the market with 112 patches, Catalina's gone missing, and iPhones and iPads get a critical kernel-level zero-day patch...

Move over Patch Tuesday – it’s Ada Lovelace Day!

Hacking on actual computers is one thing, but hacking purposefully on imaginary computers is, these days, something we can only imagine.

Apple patches double zero-day in browser and kernel – update now!

Double 0-day exploits - one in WebKit (to break in) and the other in the kernel (to take over). Patch now!

Zoom for Mac patches critical bug – update now!

There's many a slip 'twixt the cup and the lip. Or at least between the TOC and the TOU...

Office macro security: on-again-off-again feature now BACK ON AGAIN!

20 years to turn it on, then 20 weeks to turn it off, then just 2 weeks to turn it back on again. That's progress!

Apple patches “0-day” browser bug fixed 2 weeks ago in Chrome, Edge

One vendor's zero-day is another vendor's routine patch...

That didn’t last! Microsoft turns off the Office security it just turned on

An Office anti-malware setting that took more than 20 years to arrive... and fewer than 20 weeks to vanish again.

Apple pushes out two emergency 0-day updates – get ’em now!

More Apple zero-days - mobile devices, laptops and desktops affected. Update now!

Apple zero-day drama for Macs, iPhones and iPads – patch now!

Sudden update! Zero-day browser hole! Drive-by malware danger! Patch Apple laptops and phones now...

At last! Office macros from the internet to be blocked by default

It's been a long time coming, and we're not there yet, but at least Microsoft Office will be a bit safer against macro malware...

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

S3 Ep63: Log4Shell (what else?) and Apple kernel bugs [Podcast+Transcript]

Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)

Apple security updates are out – and not a Log4Shell mention in sight

Get 'em while they're hot!

Sophos 2022 Threat Report: Malware, Mobile, Machine learning and more!

The crooks have shown that they're willing to learn and adapt their attacks, so we need to make sure we learn and adapt, too.