Items tagged with: infosec



I've worn a Garmin for 10+ years and logged thousands of runs, rides, hikes...you name it. That data can also tell you where I live, where I've traveled, and when I've been under stress.

After reading @zackwhittaker's recent story on Oura ring's lack of transparency reporting, I was curious about the current state of other wearables.

I looked at 12 major wearable brands to see who publishes transparency reports (aka the documents that tell you how often a company hands your data to the government).

2 out of 12 do: Apple and Google/Fitbit.

whyli.me/blog/wearable-transpa…

emilyaustin.github.io/wearable…

#infosec #privacy #running


📝🚨 New blog post: How a bug in Archive Utility allowed access to protected app data (including iMessage and WhatsApp chats, and Safari cookies) without any permissions.

The bug could also be exploited to hijack installed apps such as Signal and 1Password to perform phishing attacks.

Apple fixed the issue in macOS 26.4 as CVE-2026-28910, five months after we reported it.

#Apple #macOS #privacy #security #cybersecurity #infosec

mysk.blog/2026/05/19/cve-2026-…


😎🔬 Proton VPN just got updated. When iOS updated the app with the kill switch on, it was a total mess: iOS blocked internet for nearly 6 minutes, then terminated the app and its VPN tunnel, exposing iPhone traffic and IP. The VPN required a manual restart 😠.
Watch this demo:

More context:

mastodon.social/@mysk/11647334…

#privacy #security #infosec #iOS #VPN #Apple


😱 iOS 26.4.2 still leaks the real IP when updating VPN apps. Motivated by Mullvad's recent blog, we made a website that logs the iPhone IP every second. We started Mullvad VPN, opened the website, then let Mullvad update in the background. See the leaks in action.. 🤯

Link to Mullvad blog post:

mullvad.net/en/blog/force-all-…

#privacy #iOS #security #infosec



FYI: FaceTime calls expose your IP to other participants. In Settings → Privacy & Security → App Privacy Report you can see recent call IPs, and others can see yours. Unlike Signal and WhatsApp, Apple offers no option to relay calls through its servers to hide your IP.

#privacy #infosec #security #Apple #iOS


🚀🤘Introducing Psylo: A New Kind of Private Browser

After 9 months of development, we're super excited to finally launch Psylo, a new kind of private web browser for iOS and iPadOS.

In Psylo, each tab is its own “silo” with isolated storage, cookies, and even its own IP address. Psylo introduces advanced anti-tracking and anti-fingerprinting features that go beyond what a VPN can offer.

Full announcement: mysk.blog/2025/06/17/introduci…

#infoSec #privacy #iOS


#Signalapp doesn't actually delete messages when they're deleted (either manually or by automation). The message deletion is written to the Write-Ahead Log, and the data is only truly deleted once Signal is restarted or a threshold of 1000 pages is reached. For the macOS Signal application, an extra complication arises from the fact that the Signal message database can be backed up before the database consolidation occurs. A large amount of the supposedly already deleted messages could be recovered from the device or backups.

This concerns use cases where deleted messages actually getting removed in a timely manner is of high importance and recovery of the deleted messages could lead to grave consequences.

TL;DR: If you don't care about deleted messages being actually deleted, you don't need to worry.

Full advisory at: sintonen.fi/advisories/signal-…

#fulldisclosure #infosec #cybersecurity


Microsoft Issues Emergency Mitigation for YellowKey BitLocker Bypass

Microsoft released emergency mitigations for a BitLocker bypass vulnerability (CVE-2026-45585) that allows attackers with physical access to access encrypted data via the Windows Recovery Environment.

**To protect against the YellowKey physical bypass attack, switch your BitLocker configuration from TPM-only to a TPM+PIN configuration. Relying on hardware-only secrets is no longer sufficient when the boot process itself can be manipulated. IT teams should also manually modify their WinRE images to remove the autofstx.exe entry from the registry until Microsoft releases an official, permanent patch.**

#cybersecurity #infosec #advisory #vulnerability

beyondmachines.net/event_detai…