Researchers from Korea University have discovered a vulnerability named “SysBumps” in macOS systems on Apple Silicon, bypassing Kernel Address Space Layout Randomization (KASLR). This attack exploits speculative execution vulnerabilities, achieving a 96.28% success rate. Apple has acknowledged the issue (CVE-2024-54531) and is exploring mitigations. Users are advised to update their systems to enhance security.
Lazarus Group Hid Backdoor in Fake npm Packages in Latest Attack
North Korean hacking group Lazarus is exploiting the npm software library through malicious code disguised as legitimate packages. These packages can infiltrate developers’ systems to
