Security

After Apple refusal, Indian government completes U-turn on mandatory iPhone app

The saga of a mandatory government security app which Apple and Google had to preinstall on their phones didn’t last long after Apple refused to play ball.

The Indian government had already backed down on preventing iPhone owners from deleting the “security” app, and has now made a complete U-turn in the space of just 48 hours …

India orders Apple to pre-install an undeletable state security app on iPhones

The Indian government has ordered Apple and other smartphone manufacturers to pre-install a state-owned “security” app on all phones before they are sold to users. Update: As we predicted, Apple has pushed back, but more aggressively by stating outright that it will not comply.

Adding fuel to the privacy fire, the government is also requiring smartphone makers to ensure that the app cannot be removed by users …

Coding assistance websites exposed credentials for banks, government, and more

Two websites intended to help software developers format and structure their code have exposed thousands of login credentials, authentication keys, and other highly sensitive information.

Cybersecurity researchers found that this sensitive data belonged to organizations in many high-risk sectors like government, banking, and healthcare …

Hackers steal customer data from JPMorgan Chase and Citi

Hackers have obtained customer data from a third-party company used by major Wall Street banks, including JPMorgan Chase and Citi. The disclosure comes just days after a DoorDash data breach exposed names, addresses, phone numbers, and more.

SitusAMC helps banks process mortgage applications and other real estate loans, and says that accounting records and legal agreements have been impacted by the hack …

WhatsApp security flaw exposed 3.5B phone numbers – including yours [U]

Update, 7:11 p.m. ET: A Meta representative reached out to 9to5Mac and provided the following statement:

“We are grateful to the University of Vienna researchers for their responsible partnership and diligence under our Bug Bounty program. This collaboration successfully identified a novel enumeration technique that surpassed our intended limits, allowing the researchers to scrape basic publicly available information. We had already been working on industry-leading anti-scraping systems, and this study was instrumental in stress-testing and confirming the immediate efficacy of these new defenses. Importantly, the researchers have securely deleted the data collected as part of the study, and we have found no evidence of malicious actors abusing this vector. As a reminder, user messages remained private and secure thanks to WhatsApp’s default end-to-end encryption, and no non-public data was accessible to the researchers.” 


A massive WhatsApp security flaw exposed the phone number of almost every user on the planet – despite the fact that parent company Meta had been alerted to the vulnerability way back in 2017.

Security researchers were able to use what they described as a “simple” exploit to extract a total of 3.5 billion phone numbers from the messaging service …

Proton Data Breach Observatory reports as soon as your personal data hits the dark web

Security-conscious readers probably already use the data breach alert site Have I Been Pwned, but a new Proton website is aiming to alert you at an earlier stage with what the company says will be near real-time reporting.

The company behind ProtonMail says it has launched the Data Breach Observatory because it can sometimes take too long to find out when your personal data has been made available for sale on the dark web …

WhatsApp will now warn scam victims against screen-sharing bank details

A tactic used by a growing number of scammers is to impersonate help centres in order to trick victims into sharing their screens via WhatsApp. By doing so, they can obtain sensitive information like bank account details and verification codes.

Meta says WhatsApp will now intervene when someone attempts to use screen sharing with an unknown contact during a video call. The company will also proactively flag suspicious-looking chats in Facebook Messenger …

DHS says Chinese criminal gangs made $1B from US text scams

The Department of Homeland Security says that Chinese criminal gangs have made more than $1 billion from text scams sent to US phone numbers over the past three years.

Scam texts about fake highway toll payments, US Postal Service fees, and traffic violation fines are used to obtain credit card details. They also trick victims into submitting a one-time code from their bank, which allows the criminals to add the card to Apple Wallet

T-Mobile customer call and text data captured from unencrypted satellite comms; military data too

Security researchers at two US universities were able to intercept T-Mobile customer call and text data from completely unencrypted satellite communications.

Researchers were also able to eavesdrop on sensitive government communications, including US military and law enforcement agencies – and they did all of it using nothing more than an $800 off-the-shelf satellite receiver system …

Apple announces ‘major evolution’ of its Security Bounty program: $2 million top award, more

Apple has announced what it describes as a “major evolution” of its Apple Security Bounty program. The company says the program has paid out more than $35 million to more than 800 security researchers so far.

Today’s announcement touts the “next major chapter” for the program, including doubling the top award to $2 million for “exploit chains that can achieve similar goals as sophisticated mercenary spyware attacks.”

Apple short film The Underdogs cleverly showcases Mac security and much more

A new Apple short film called The Underdogs: Blue Screen of Death has been posted to the company’s YouTube channel as part of an occasional series that was first launched back in 2019.

Eight minutes long, it’s a gentle comedy that highlights the built-in security features of Macs while also showing off a whole range of the company’s ecosystem features …

Security Bite: So, what happened to cross-platform E2EE for RCS messaging?

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.


Earlier this year, Apple announced that it was leading the charge on a cross-industry effort to bring end-to-end encryption (E2EE) to the RCS Universal Profile, which is published by the GSMA. Apple told 9to5Mac in March it would come to the iPhone in a future software update. Google soon after jumped in, stating it too was ‘committed to providing a secure messaging experience.’

I didn’t think it was completely unreasonable to assume we’d see this showcased at WWDC 2025…that didn’t happen. Then I thought maybe in one of the iOS 26 betas? Also nothing. So, what happened to cross-platform E2EE for RCS messaging? Is it still coming?

Tile security flaws can let both the company and stalkers track your location

Researchers have discovered major Tile security flaws that could let both the company itself and a tech-savvy stalker track your location. These arise from two crucial differences between the security used for AirTags and Tile tags.

The flaw could even be exploited to allow a malicious actor to falsely frame a Tile owner for stalking, by making it appear as if one of your Tile tags is constantly in the vicinity of somebody else’s tag …

Security Bite: Mac users are finally taking malware seriously, per new report

Earlier this month, Moonlock, the cybersecurity division of MacPaw, released its Mac Security Survey 2025. It surveyed nearly 2,000 macOS users about their habits, concerns, and overall perceptions of cybersecurity on Mac. Most notably, the findings reveal an interesting shift in how Mac users perceive malware and the overall strength of Apple’s defenses.

Do you need third-party anti-virus software on a Mac?

For many years, it was accepted wisdom that Mac malware wasn’t really an issue. One of the reasons for that was that the market share was simply too low to make it a worthwhile target for attackers.

Today, of course, is a very different world. Macs are the fourth most popular brand of personal computers, and as owners of a premium brand, Mac owners make a juicy target. Does that mean you need third-party antivirus software on a Mac, or are the built-in security protections good enough? A very thorough test sought to find out …

Apple looks set to make two iOS 26 security changes to make iPhones safer

A combination of new code spotted by Macworld and 9to5Mac suggests that Apple may be set to make two iOS 26 security changes which will make iPhones safer.

Historically, Apple has issued security patches as part of a new iOS build. This has two significant disadvantages which can leave many iPhones unprotected against the latest threats for longer than necessary …

Security Bite: Apple quietly shipped one of its most practical security features yet

If you upgraded to iOS 26, you know the design changes and visual overhaul of Liquid Glass are undeniably impressive. But from a security perspective, one feature in particular has piqued my interest and seemingly gone under the radar: a new permission setting for wired accessories. This overlooked feature could be one of the most practical defenses Apple has shipped in years.
