EVA Information Security, a red teaming company, has disclosed details about three vulnerabilities in the CocoaPods dependency manager that affect millions of macOS and iOS applications. CocoaPods is an open source dependency manager for Swift and Objective-C Cocoa projects that has over 100,000 libraries and is used by about three million applications across the Apple ecosystem.

Ticketmaster recently confirmed that hackers accessed customers' personal information.  Ticketmaster started sending notices to customers last week.  Ticketmaster says an unauthorized third party obtained information from a cloud database hosted by a third-party data services provider between April 2 and May 18.  A hacking group called ShinyHunters claimed to have stolen 1.3TB of data from Ticketmaster.    The breach involved customers who purchased tickets with the company in North America.

Fintech companies Wise and Affirm recently revealed that the recent data breach suffered by Evolve Bank impacted some of their customers.  The LockBit ransomware group recently threatened to leak data allegedly stolen from the US Federal Reserve.  The cybercriminals did leak data on June 26, but it turned out that the files actually originated from an Arkansas-based financial organization, Evolve Bank & Trust.

The Australian Federal Police (AFP) has recently arrested a 42-year-old Australian resident who allegedly established a network of fake free Wi-Fi access points in airports.  Dubbed "evil twin" Wi-Fi devices, the AFP noted that the access points were installed at multiple locations and mimicked legitimate networks to capture personal data from unsuspecting victims who mistakenly connected to them.

Life insurance company Landmark Admin is starting to notify individuals about a data breach impacting personal, medical, and insurance information.  Landmark Admin says it detected the incident on May 13 and found evidence that the attackers accessed specific files containing information such as names, addresses, dates of birth, Social Security numbers, driver’s license numbers, passport numbers, financial account numbers, tax identification numbers, medical information, health insurance policy numbers, and life and annuity policy information.

Infosys McCamish Systems recently announced that a cyberattack impacted more than six million customers last year.  The incident, which was first reported in February, was traced back to November 2023.  During the investigation, it was determined that unauthorized activity occurred between October 29, 2023, and November 2, 2023.

A newly disclosed vulnerability called "regreSSHion" could allow unauthenticated Remote Code Execution (RCE) on millions of OpenSSH servers. Qualys' threat research unit found the critical flaw, which is as severe as the 2021 "Log4Shell" vulnerability. According to the company, the OpenSSH server process 'sshd' is impacted by a signal handler race condition enabling unauthenticated RCE with root privileges on glibc-based Linux systems. The vulnerability can lead to the takeover of a system, potentially resulting in malware installation and backdoor creation.

Angelos Stavrou, professor in the Bradley Department of Electrical and Computer Engineering at Virginia Tech and founder of the mobile security startup A2 Labs, is training Artificial Intelligence (AI) to defend computer networks in a $16 million collaborative cybersecurity project. Stavrou wants to take AI training to the next level with a multi-agent training exerciser (MATrEx), a groundbreaking method for training AI in a three-tiered gaming system that includes simulations, emulations, and a real network. This article continues to discuss the idea behind MATrEx.

Seven Cornell projects have been awarded funding by the Google Cyber NYC Institutional Research Program to improve online privacy, safety, and security. As part of this broader program, Cornell Tech has also launched the Security, Trust, and Safety (SETS) Initiative aimed at advancing education and research on cybersecurity, privacy, and trust and safety.

A University at Buffalo-led research team used Large Language Models (LLMs), including OpenAI's ChatGPT and Google's Gemini, to spot deepfakes of human faces. They found that LLMs lagged in performance compared to state-of-the-art deepfake detection algorithms, but their Natural Language Processing (NLP) may make them a more practical deepfake detection tool in the future. According to the study's lead author, Siwei Lyu, LLMs can plainly explain their findings to humans, such as identifying an incorrect shadow or mismatched earrings.