Security

Hackers managed to trick Meta’s AI-powered support bot into allowing them to take over a number of Instagram accounts, including some high-profile ones. This included accounts belonging to the White House, US Space Force, and security researcher Jane Wong.

Update: Meta has now revealed that around 20,000 accounts were compromised and has explained the steps it has taken in response …

• Mac
• Security
• ChatGPT
• OpenAI

PSA: A security breach means you must update the ChatGPT Mac app [U]

If you use the ChatGPT desktop app on Mac, you’ll be forced to update it sometime between now and June 12. That’s due to a security breach involving two OpenAI employee devices. As of June 2, the company is emailing users to remind them to accept the update when offered.

Apple is working on a new iPhone security feature that can automatically lock the device when it detects that it has been snatched from the user’s hand. Here are the details.

• Security

Apple adds new CVE details to several macOS, iOS, iPadOS, visionOS, and watchOS updates [U]

Apple today updated the security content pages for several macOS, iOS, iPadOS, visionOS, and watchOS releases, adding new CVE details for vulnerabilities addressed in each update. Here are the details.

The FBI and NSA jointly announced that Russia has been systematically compromising the security of home and small office routers since at least 2024.

They obtained a court order to allow them to remotely reset thousands of affected devices in the US, but if yours is one of them, it needs to be urgently replaced …

Apple released iOS 26.5, iPadOS 26.5, macOS 26.5, watchOS 26.5, and more today. In addition to new features, the updates also include security fixes, including for over 50 vulnerabilities in iOS 26.5 alone. Here are the details.

After exclusively sharing details with 9to5Mac last September on ModStealer, a cross-platform infostealer invisible to every major antivirus engine at the time, Mosyle, a leader in Apple device management and security, is back with two more macOS threats that are flying completely under the radar.

In new details again shared with 9to5Mac, the Mosyle Security Research Team says it has identified two previously undetected samples: Phoenix Worm, a cross-platform stager, and ShadeStager, a modular macOS implant built for credential theft. The two aren’t directly connected in how they work, but together show just how sophisticated Mac malware is getting.

Last month saw a surprise ban on almost every new wireless router intended for use in US homes. The FCC ruling described all foreign-made routers as a national security risk.

The FCC offered a pathway to approval, and today Netgear has received that – but nobody knows why. Not even Netgear itself was able to offer an explanation …

OpenAI has announced a new AI model called GPT-5.4-Cyber. Similar to Anthropic’s Claude Mythos, this new “cyber-permissive” variant of its GPT-5.4 is built for defensive cybersecurity and not public use.

A new investigation shows that hackers are still relying on old tricks to break into iPhones and Android devices. Here are the details.

The FBI says that a sharp rise in scams saw cybersecurity crime cost US victims a total of almost $21 billion last year. The most common example was investment scams, with cryptocurrency fraud responsible for the largest losses.

The report includes AI-related scams for the first time. The agency says that the use of voice cloning, forged documents, and deepfake videos were responsible for £893m in losses …

iPhone security has been in the news this month as Apple patches known exploits. As promised, the company has alerted customers using iPhones on older software to update this week. Meanwhile, Apple states on-the-record that its Lockdown Mode has proven effective against hack attempts so far.

iOS 26.4 launched yesterday with new emoji and plenty of new features. Additionally, iOS 26.4 brings over 35 key security fixes for your iPhone per Apple’s detailed release notes.

The tech industry is currently in the middle of a rather gradual security transition from usernames and passwords to passkeys.

Passkeys are far more secure as online services don’t store your username and password, but Reddit CEO Steve Huffman says that the use of Face ID and Touch ID has an additional benefit …

Following its recent disclosure of the Coruna exploit chain targeting older iOS versions, the company has now revealed a similar attack believed to be called DarkSword. Here are the details.

Apple has published a new support document that encourages customers to update to the latest iOS versions in order to “protect your iPhone from web attacks.”

Apple has released the first public Background Security Improvement for iPhone, iPad, and Mac. There are four versions of the release.

TikTok is setting itself apart from most other online platforms that offer messaging by stating that it won’t be introducing end-to-end encryption to ensure the privacy of direct messages.

This means that the company will be able to read messages sent between users, which is likely to cause concerns even after its US operations were separated from its Chinese owner …

Update: Added comment from TikTok below

You may recall that way back in 2017, the WPA2 encryption standard used by most Wi-Fi routers at the time was cracked and had to be replaced with a new version, WPA3. Now a new attack method dubbed AirSnitch means that Wi-Fi encryption on most networks can be bypassed in order to access all of the traffic passing through the router.

Almost all routers are vulnerable, so there are three steps you should take in order to protect yourself, with the greatest risk occurring through use of public Wi-Fi hotspots …

9to5Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready and enterprise-safe is all we do. Our unique integrated approach to management and security combines state-of-the-art Apple-specific security solutions for fully automated Hardening & Compliance, Next Generation EDR, AI-powered Zero Trust, and exclusive Privilege Management with the most powerful and modern Apple MDM on the market. The result is a totally automated Apple Unified Platform currently trusted by over 45,000 organizations to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.

Much like the infamously useless “close door” button in an elevator, reporting spam on an iPhone or Mac often feels like a placebo. This skepticism isn’t exclusive to Apple either. There is widespread distrust of reporting features in general. The issue largely stems from a lack of transparency. Because users rarely see a noticeable decline in junk mail after hitting “report,” many assume the button does nothing and eventually stop using it altogether.

While Apple does provide a great support document for how to make reports, it doesn’t explain exactly what it does with these reports to improve its security prowess. Allow me to shed some light here…

An unsecured database that likely contains tens of millions of unique Social Security numbers, alongside email addresses and passwords, has been discovered by security researchers.

While the database appears to have been collated from a number of separate data breaches over approximately a decade, the researchers explain why even very old personal data remains a live threat …