Apple patches everything February 11, 2025

 iOS, iPadOS, macOS, tvOS, watchOS, and visionOS
Addressing 71 vulnerabilities 

Microsoft Patch Tuesday update Feb 10, 2025

Patch for 58 vulnerabilities 
6 actively exploited
3 publicly disclosed

• 25 Elevation of Privilege vulnerabilities
• 5 Security Feature Bypass vulnerabilities
• 12 Remote Code Execution vulnerabilities
• 6 Information Disclosure vulnerabilities
• 3 Denial of Service vulnerabilities
• 7 Spoofing vulnerabilities

Critical Out of Band Microsoft updates to Windows, Office, and Outlook January 24, 2026

Updates to Windows to fix an update to windows. Update to Office for a vulnerability from a local account. So clicking or opening an Office file.
I am seeing potential exploits from other Sun City residents. Are you?

Windows KB5078127

License Plate Readers

 Several license plate readers on entries and exits from Sun City.
Due to a vulnerability a database of Flock, the company deploying most of the license plate readers across the United states the data was not redacted.
To see where your license plate was captured and not redacted use Have I Been Flocked.

https://haveibeenflocked.com

Similar to Have I Been Pwoned for email and account information from data breaches
https://haveibeenpwned.com/

Of course you or any other person on the planet can search for any license plate and find locations recorded.

LastPass requests you create a backup of your password valt - with urgency

 PLEASE do NOT respond or action a request from LastPass to create a(nother) backup of your password vault. This is a  recent phishing campaign.
Instead of obtaining your vault password, they gain access to your ENTIRE password vault.

Browser Extension's Logo containing malware

  GhostPoster malware. 
Browser extensions can have a logo. An icon displayed as part of the browser extension.
GhostPoster malware adds JavaScript after a marker. 
So the extension displays the logo and executes the extension function as normal.
BUT the PNG logo delivers the malicious JavaScript code past most defenses.

Seven years undetected. 8 million instances, over 1 million victims.

Even more stealth. The malware loader uses several sites. The loader waits 48 hours. The loader only executes the load 10% of the time. 

Information on GhostPoster in recent.

Extreme Android Vulnerability

 AI is on a continuum between helpful and harmful. Iff we  know how AI is used. Thus today's warning.

Any Android smartphone smart tablet can be totally (kernel level takeover) by receiving an audio message. Not reading, just receiving an audio message. No clicks, no open of the audio message,  no playing of the message, no interaction.
Why? 
A vulnerability in the Dolby audio decoder. An audio decoder in almost every Android device. When receiving an audio message via any means, the decoder decodes the message for transcription   using AI.
A recent change. Now that audio decoder is exposed to the internet and any attacker. 
So, with AI the audio message can be transcribed, translated, searched, indexed, ...
Yeah but with AI on your Android device and a malicious audio message delivered with no notice or interaction AND more and more apps using Android AI features - not good.
Chaining this vulnerability with a vulnerability in BigWave (a hardware video decoding) the attacker has full kernel level control and access. Access like camera, microphone, files, Internet access, ...
Clever attackers? No, the attackers used AI to develop the attack. Google's AI developed an attack on Google Android platform.
The same Dolby audio decoder is used on iPhones and Macs but with a compile switch to prevent the vulnerability.

Please check your android device and any recent security updates.