Security

Scammers are using AI tools to create increasingly convincing ways to trick victims into sending money, and to access the personal information needed to commit identity theft. Deepfakes mean they can impersonate the voice of a friend or family member, and even fake a video call with them!

The result can be criminals taking out thousands of dollars worth of loans or credit card debt in your name. Fortunately there are steps you can take to protect yourself against even the most sophisticated scams. Here are the security and privacy checks to run to ensure you are safe …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Earlier this week, during its annual WWDC keynote, Apple unveiled a slew of headline features like Liquid Glass, a new Games app, and Visual Intelligence, as well as two major spam protection tools coming to iOS 26 this fall. While I was a little disappointed in the lack of new security or even privacy features, these new tools will change the game for users who receive annoying spam calls and messages on the daily. Here’s how they work.

Today, Apple confirmed (via TechCrunch) that a zero-day flaw used to deploy mercenary spyware onto journalists’ iPhones was quietly patched earlier this year, with the iOS 18.3.1 update.

A massive international law enforcement operation coordinated by Interpol has seen one of the biggest ever takedowns of a malware network.

The simultaneous strike across 26 countries resulted in more than 20,000 domains being taken offline, and the arrest of 32 suspects …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

It’s no secret that AI is improving the way scammers operate. Phishing texts are more convincing than ever, and malicious emails can look legitimate for longer than just a glance. Attackers are getting smarter about how they trick people into handing over money or personal info. But the good guys are getting better, too.

Earlier this week, Malwarebytes, best known for its real-time anti-malware protection software, launched a new AI-powered feature aimed specifically at mobile scams. I’ve been testing it out for the past few days. Here’s how it works and my quick thoughts on it.

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

We’re officially just over a week away from WWDC 2025. While we expect big design enhancements and much-needed Apple Intelligence improvements to iOS, Apple has the opportunity to do something it’s quite good at: flexing its privacy prowess.

Apple login credentials were among a massive database of 184 million records found sitting unprotected on a web server. Other logins included Facebook, Google, Instagram, Microsoft, and PayPal.

The owner of the database is unclear, but the security researcher who discovered it says that it amounts to “a cybercriminal’s dream working list” …

A Coinbase hack has seen some customers tricked into sending funds to the attackers, with the company estimating that they suffered losses of somewhere between $180M and $400M.

The attackers also stole personal data, after Coinbase refused to pay a ransom demand – instead reporting the hack to law enforcement, and offering a $20M reward for information on the perpetrators …

The Android and iPhone spyware company NSO has suffered a major defeat in a US court, after a judge ruled that the company must hand over its Pegasus code to Meta.

Update: NSO was yesterday ordered to pay Meta more than $167M in damages for the attack. It’s the latest setback for the company, which has been blacklisted in the US, sued by Apple, seen victims alerted by the iPhone maker, and faced severe financial problems …

Apple has notified iPhone users in 100 countries that their devices have been infected with spyware, implying that it may be NSO’s Pegasus.

The company has warned victims to take it seriously, and to immediately take a number of security actions in response. One of the recipients has shared almost the entire message, the first time I can recall seeing more than a brief excerpt …

Security vulnerabilities discovered in Apple’s AirPlay SDK mean that millions of devices could be hacked by attackers. The flaw has been dubbed AirBorne.

Related vulnerabilities would also have allowed hackers to attack Apple devices too, but the iPhone maker says it has issued fixes for these in the past few months. CarPlay devices are also vulnerable, though the real-life risks there are very low …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

This year marks the 25th anniversary of the FBI’s Internet Crime Complaint Center, or IC3 for short. Since its inception in 2000, the organization has released an annual report detailing trends based on the thousands of cybercrime complaints it receives daily from victims. This week, the FBI released its 2024 Internet Crime Report, revealing a record $16.6 billion in reported losses—a 33% increase and “a new record for losses reported to IC3.”

If there’s one thing this report highlights best, it’s that humans are more vulnerable than machines.

Detecting scam emails is getting increasingly difficult as attackers use more and more sophisticated methods. A new report highlights a method which makes fake security alerts from Google and PayPal look extremely convincing.

It reinforces the need to apply a simple but effective safeguard anytime you receive what seems to be an important email requiring your immediate attention …

Federal funding has been restored for a crucial cybersecurity program used by Apple and other tech giants, in a last-minute U-turn. Security experts had described the original decision to remove funding as stupid, dangerous, and chaotic.

However, the future of the Common Vulnerabilities and Exposures (CVE) program remains uncertain, despite its role in helping tech giants identify and fix security holes found in their products …

Apple released iOS 18.4.1, and in addition to CarPlay bug fixes, the update also patches two security vulnerabilities that Apple says were actively exploited in the wild. The security fixes are also included in macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1.

The CVE security program used to track vulnerabilities in both hardware and software has had its federal funding removed with immediate effect. Apple is one of a number of tech giants who rely on the Common Vulnerabilities and Exposures (CVE) program to identify security flaws in their products.

Update: CVE board members have responded by announcing a new non-profit known as the CVE Foundation, intended to continue the work – more at the end …

Car rental company Hertz says that the personal data of an unspecified number of customers was stolen, and that this includes name, contact information, date of birth, credit card information, and driver’s license information.

While the company has not revealed the scale of the security breach, it appears to be a very substantial one, affecting customers in the US, Canada, UK, EU, and Australia …

iPhone farms – banks of phones equipped with rotating temporary Apple IDs – are being used to send more 100,000 scam iMessages per day, found security researchers.

By using iMessages rather than texts, scammers can bypass spam and scam filters implemented by mobile carriers. Fraudsters don’t even need any technical skills to carry out their attacks, as there are companies offering phishing-as-a-service (PhAAS) …

At least five VPN apps in the App Store were found to have links to the Chinese military, according to a new report today. Three of them have racked up more than a million downloads.

A subsidiary of one of the Chinese companies behind the apps is currently hiring for a role in “monitoring and analysing platform data,” with a familiarity with American culture listed as a job requirement …