Security

After exclusively sharing details with 9to5Mac last September on ModStealer, a cross-platform infostealer invisible to every major antivirus engine at the time, Mosyle, a leader in Apple device management and security, is back with two more macOS threats that are flying completely under the radar.

In new details again shared with 9to5Mac, the Mosyle Security Research Team says it has identified two previously undetected samples: Phoenix Worm, a cross-platform stager, and ShadeStager, a modular macOS implant built for credential theft. The two aren’t directly connected in how they work, but together show just how sophisticated Mac malware is getting.

Last month saw a surprise ban on almost every new wireless router intended for use in US homes. The FCC ruling described all foreign-made routers as a national security risk.

The FCC offered a pathway to approval, and today Netgear has received that – but nobody knows why. Not even Netgear itself was able to offer an explanation …

OpenAI has announced a new AI model called GPT-5.4-Cyber. Similar to Anthropic’s Claude Mythos, this new “cyber-permissive” variant of its GPT-5.4 is built for defensive cybersecurity and not public use.

A new investigation shows that hackers are still relying on old tricks to break into iPhones and Android devices. Here are the details.

The FBI says that a sharp rise in scams saw cybersecurity crime cost US victims a total of almost $21 billion last year. The most common example was investment scams, with cryptocurrency fraud responsible for the largest losses.

The report includes AI-related scams for the first time. The agency says that the use of voice cloning, forged documents, and deepfake videos were responsible for £893m in losses …

iPhone security has been in the news this month as Apple patches known exploits. As promised, the company has alerted customers using iPhones on older software to update this week. Meanwhile, Apple states on-the-record that its Lockdown Mode has proven effective against hack attempts so far.

iOS 26.4 launched yesterday with new emoji and plenty of new features. Additionally, iOS 26.4 brings over 35 key security fixes for your iPhone per Apple’s detailed release notes.

The tech industry is currently in the middle of a rather gradual security transition from usernames and passwords to passkeys.

Passkeys are far more secure as online services don’t store your username and password, but Reddit CEO Steve Huffman says that the use of Face ID and Touch ID has an additional benefit …

Following its recent disclosure of the Coruna exploit chain targeting older iOS versions, the company has now revealed a similar attack believed to be called DarkSword. Here are the details.

Apple has published a new support document that encourages customers to update to the latest iOS versions in order to “protect your iPhone from web attacks.”

Apple has released the first public Background Security Improvement for iPhone, iPad, and Mac. There are four versions of the release.

TikTok is setting itself apart from most other online platforms that offer messaging by stating that it won’t be introducing end-to-end encryption to ensure the privacy of direct messages.

This means that the company will be able to read messages sent between users, which is likely to cause concerns even after its US operations were separated from its Chinese owner …

Update: Added comment from TikTok below

You may recall that way back in 2017, the WPA2 encryption standard used by most Wi-Fi routers at the time was cracked and had to be replaced with a new version, WPA3. Now a new attack method dubbed AirSnitch means that Wi-Fi encryption on most networks can be bypassed in order to access all of the traffic passing through the router.

Almost all routers are vulnerable, so there are three steps you should take in order to protect yourself, with the greatest risk occurring through use of public Wi-Fi hotspots …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Much like the infamously useless “close door” button in an elevator, reporting spam on an iPhone or Mac often feels like a placebo. This skepticism isn’t exclusive to Apple either. There is widespread distrust of reporting features in general. The issue largely stems from a lack of transparency. Because users rarely see a noticeable decline in junk mail after hitting “report,” many assume the button does nothing and eventually stop using it altogether.

While Apple does provide a great support document for how to make reports, it doesn’t explain exactly what it does with these reports to improve its security prowess. Allow me to shed some light here…

An unsecured database that likely contains tens of millions of unique Social Security numbers, alongside email addresses and passwords, has been discovered by security researchers.

While the database appears to have been collated from a number of separate data breaches over approximately a decade, the researchers explain why even very old personal data remains a live threat …

Badged versions of TP-Link routers are supplied to US customers by more than 300 ISPs, making them the most widely used Wi-Fi routers in the country, found in millions of US homes.

It therefore caused grave concern when security researchers at Microsoft found that a hacking group based in China was using vulnerabilities in the devices to carry out cyber attacks in the US. It had been widely expected that the routers would be banned from sale in the US, but politics seemingly intervened. However, the battle is not yet over …

Both the founders of WhatsApp and current owner Meta state that the app uses end-to-end encryption, meaning that nobody outside the chat can access the content. A lawsuit claims that this isn’t true and that anyone inside Meta can get full access to all of the messages sent or received by any WhatsApp user.

Johns Hopkins University professor and cryptographer Matthew Green has weighed in with a blog post analyzing the claims and likely reality …

The Electronic Frontier Foundation (EFF) is out with a new campaign that presses tech companies to move faster to protect user data through end-to-end encryption, and stronger defaults and privacy settings. Here are the details.

A database containing 149 million account logins has been found sitting unsecured on a cloud service. The records include 900,000 usernames and passwords for Apple accounts.

It was discovered by the same security researcher who found a similar database of 184 million records last year …

An effort led by security research lab CovertLabs is actively uncovering troves of (mostly) AI-related App Store apps that leak and expose user data, including names, emails, and chat history. Here are the details.