That said, #security people are reporting this update is not known to be harmful.

It fixes a #bug in the latest #WebKit used by #Safari.

* https://www.bleepingcomputer.com/news/security/apple-pushes-first-background-security-improvements-update-to-fix-webkit-flaw/
* https://appleinsider.com/articles/26/03/17/apples-latest-background-security-improvement-targets-a-webkit-flaw
* https://www.engadget.com/computing/apple-releases-its-first-background-security-improvement-for-macos-ios-and-ipados-214052311.html

Because #Apple has illegally integrated Safari into #iOS, this affects every iOS device even if you do not use Safari.

The 1ST USE of the (new) Background Security Improvement 'feature'. It will likely become a standard always-on security hole / #backdoor.

[EDIT: rplc msn lnk]

Apple pushes first Background Security Improvements update to fix WebKit flaw

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.

BleepingComputer

A Tale of Two Bills: Lawful Access Returns With Changes to Warrantless Access But Dangerous Backdoor Surveillance Risks Remain - Michael Geist

The decades-long battle over lawful access entered a new phase yesterday with the introduction of Bill C-22, the Lawful Access Act. This bill follows the attempt last spring to bury lawful access provisions in Bill C-2, a border measures bill that was the new government’s first piece of substantive legislation. The lawful access elements of the bill faced an immediate backlash given the inclusion of unprecedented rules permitting widespread warrantless access to personal information. Those rules were on very shaky constitutional ground and the government ultimately decided to hit the reset button on lawful access by proceeding with the border measures in a different bill. Lawful access never dies, however. Bill C-22 covers the two main aspects of lawful access: law enforcement access to personal information held by communication service providers such as ISPs and wireless providers and the development of surveillance and monitoring capabilities within Canadian networks. In fact, the bill is separated into two with the first half dealing with “timely access to data and information” and the second establishing the Supporting Authorized Access to Information Act (SAAIA).

Michael Geist

New backdoor targeting Ukrainian entities with possible links to Laundry Bear

Pulse ID: 69b9c8443f453e548185d895
Pulse Link: https://otx.alienvault.com/pulse/69b9c8443f453e548185d895
Pulse Author: Tr1sa111
Created: 2026-03-17 21:31:48

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #InfoSec #OTX #OpenThreatExchange #UK #Ukr #Ukrainian #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

New backdoor targeting Ukrainian entities with possible links to Laundry Bear

A new campaign targeting Ukrainian entities has been identified, attributed to actors linked to Russia. The campaign uses judicial and charity-themed lures to deploy a JavaScript-based backdoor called DRILLAPP, which runs through the Edge browser. This backdoor enables various actions including file manipulation, microphone access, and webcam capture. Two variants of the campaign have been observed, with the second variant introducing additional capabilities. The attackers utilize the browser's capabilities to evade detection and gain access to sensitive resources. The campaign shares tactics with a previously reported Laundry Bear operation, leading to a low-confidence attribution to this group.

Pulse ID: 69b934921c208cec80c35f6c
Pulse Link: https://otx.alienvault.com/pulse/69b934921c208cec80c35f6c
Pulse Author: AlienVault
Created: 2026-03-17 11:01:38

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Browser #CyberSecurity #Edge #ICS #InfoSec #Java #JavaScript #OTX #OpenThreatExchange #RAT #RCE #Russia #UK #Ukr #Ukrainian #bot #AlienVault

Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth.

Security Affairs

Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia

A suspected Chinese state-sponsored espionage campaign targeting Southeast Asian military organizations has been identified, traced back to at least 2020. Designated as CL-STA-1087, the operation demonstrates strategic patience and focused intelligence collection on military capabilities and structures. The attackers deployed custom tools including the AppleChris and MemFun backdoors, and a modified Mimikatz variant called Getpass. The campaign is characterized by the use of dead drop resolvers, custom HTTP verbs, and anti-forensic techniques. Infrastructure analysis reveals long-term persistence and operational compartmentalization. The activity aligns with Chinese working hours and utilizes China-based cloud infrastructure, suggesting a Chinese nexus.

Pulse ID: 69b7da7a6e515e00f9cb4184
Pulse Link: https://otx.alienvault.com/pulse/69b7da7a6e515e00f9cb4184
Pulse Author: AlienVault
Created: 2026-03-16 10:24:58

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Asia #BackDoor #China #Chinese #Cloud #CyberSecurity #Espionage #HTTP #InfoSec #Military #OTX #OpenThreatExchange #RAT #bot #AlienVault

Notes on an interesting low-detection Linux and macOS #backdoor shared by @malwrhunterteam (Likely DPRK Backdoor 🇰🇵)

🐞ELF: f26711b081192e5e0deb4dc25f68d6a2
📡Domains: mefng.giize[.]com, drawpin.accesscam[.]org, chopaw.camdvr[.]org

https://dmpdump.github.io/posts/Linux_Backdoor/

Fake Claude Code Google Ads Delivering Windows Stealer and macOS Backdoor

A Google Ads campaign impersonates Claude Code documentation and redirects users to a fake site that instructs them to run commands that install malware on Windows and macOS systems.

Pulse ID: 69b8333528047babb50a8af1
Pulse Link: https://otx.alienvault.com/pulse/69b8333528047babb50a8af1
Pulse Author: cryptocti
Created: 2026-03-16 16:43:33

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #Google #GoogleAds #InfoSec #Mac #MacOS #Malware #OTX #OpenThreatExchange #Windows #bot #cryptocti

Email Bombing and DNS MX Records Used to Deploy AOBackdoor by Blitz Brigantine

A threat group tracked as Blitz Brigantine is using email bombing and fake Microsoft Teams support to gain remote access via the built-in Windows Quick Assist application.

Pulse ID: 69b82da527fb3abea56d5ac5
Pulse Link: https://otx.alienvault.com/pulse/69b82da527fb3abea56d5ac5
Pulse Author: cryptocti
Created: 2026-03-16 16:19:49

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #DNS #Email #InfoSec #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #Windows #bot #cryptocti

Email Bombing and DNS MX Records Used to Deploy AOBackdoor by Blitz Brigantine

A threat group tracked as Blitz Brigantine is using email bombing and fake Microsoft Teams support to gain remote access via the built-in Windows Quick Assist application.

Pulse ID: 69b82e0c4131df40e70da0ac
Pulse Link: https://otx.alienvault.com/pulse/69b82e0c4131df40e70da0ac
Pulse Author: cryptocti
Created: 2026-03-16 16:21:32

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #CyberSecurity #DNS #Email #InfoSec #Microsoft #MicrosoftTeams #OTX #OpenThreatExchange #Windows #bot #cryptocti
