▲ 11 r/security+1 crossposts

Apple's Hide My Email vulnerability reportedly exposes users' real email addresses

A newly disclosed privacy vulnerability in Apple's Hide My Email feature can reportedly allow an attacker to uncover the real email address behind a generated alias. According to the researcher who found the bug, it was responsibly disclosed to Apple more than a year ago but remains unpatched, and independent testing has verified the issue.

thecybersecguru.com
u/NapierPalm — 12 hours ago

Sony is removing 551 previously purchased movies from PlayStation libraries

Sony is removing 551 StudioCanal movies from PlayStation libraries in parts of Europe after a licensing agreement expired. Even customers who purchased the titles are reportedly losing access, with no refunds announced. A similar thing was done by Sony back in 2023 for Discovery Networks media content. This is why physical media will always, always be better than digital media, especially with the push of digital-only content lately... even GTA VI doesn't have physical media during the initial pre-order stage.

thecybersecguru.com
u/NapierPalm — 2 days ago

VPNs promise privacy. History shows complete trust shouldn't be taken at face value

Over the years, several well-known VPN providers have faced controversies involving delayed breach disclosures, misleading "no-logs" claims, questionable ownership changes, infrastructure misuse, and other incidents that challenged the trust users place in them. None of this means VPNs are useless, but it does show that privacy depends on more than marketing slogans. Independent audits, transparency, and a proven track record matter far more than flashy advertisements.

thecybersecguru.com
u/NapierPalm — 2 days ago
▲ 4 r/pwnhub

Apple launches probe into alleged iPhone 18 leak following Tata Electronics breach

Following the World Leaks ransomware attack on Tata Electronics, a threat actor claimed to have stolen internal data allegedly including confidential Apple and Tesla documents. Reports indicate Apple is investigating whether iPhone 18-related information was exposed as part of the breach, putting the spotlight on supply-chain security rather than Apple's own infrastructure. More info in the linked article.

thecybersecguru.com
u/NapierPalm — 2 days ago
▲ 207 r/pwnhub+2 crossposts

KIDS Act passes the House: Could it reshape age verification online?

The proposed KIDS Act (H.R. 7757) is far more than a social media bill. Beyond expanding child safety requirements, critics argue it could incentivize widespread age verification, affect encrypted communications, reshape platform moderation, and introduce new compliance obligations for online services. Supporters say it's designed to strengthen protections for minors, while opponents warn about privacy, security, and First Amendment implications.

This breakdown covers the bill's technical implications, how its provisions could affect platforms and users, and why it's become one of the most closely watched internet policy proposals in the U.S.

thecybersecguru.com
u/Limp_Fig6236 — 1 day ago
▲ 2 r/pwnhub

Gitea auth bypass, DOM XSS & SSRF: Technical breakdown of the latest CVEs

Gitea's latest security release patches multiple high-impact vulnerabilities, including CVE-2026-20896 (critical authentication bypass), DOM XSS, and SSRF issues. This write-up covers the root causes, exploitation paths, affected versions, and practical mitigations, with diagrams showing how each bug can be abused in real deployments. Recent advisories recommend upgrading to the latest patched release immediately and tightening reverse proxy configuration where applicable.

thecybersecguru.com
u/NapierPalm — 2 days ago
▲ 2 r/pwnhub

Inside Discord's new age verification system, powered by Incode

Discord has started rolling out Incode-powered age verification in certain regions, requiring users to verify their age through either a facial age estimation scan or by submitting a government-issued ID. This article breaks down how the verification flow works, what data is processed, where the trust boundaries are, and the privacy and security implications of introducing a third-party identity verification provider into the authentication process. It also covers common concerns around biometric processing, data retention, and what this means for users, especially considering the 2025 Persona breach.

thecybersecguru.com
u/NapierPalm — 3 days ago
▲ 2 r/pwnhub

New Linux LPEs "pedit COW" & DirtyClone: Public PoCs, page-cache corruption, root access

Two new Linux kernel local privilege escalation bugs—CVE-2026-46331 (pedit COW) and CVE-2026-43503 (DirtyClone)—now have public proof-of-concept exploits. Both abuse page-cache corruption through different networking code paths to escalate from an unprivileged local user to root, without modifying the file on disk.

thecybersecguru.com
u/NapierPalm — 3 days ago
▲ 6 r/opsec

How much does VPN jurisdiction actually matter in an OPSEC threat model?

When building an OPSEC strategy, I often see people focus on whether a VPN is based in a Five Eyes, Nine Eyes, or Fourteen Eyes country. But is jurisdiction really one of the most important factors, or do things like a provider's logging practices, independent security audits, open-source clients, payment options, and your overall threat model matter more?

I recently read a detailed explanation of how VPN jurisdiction and intelligence-sharing alliances work, and it made me rethink how much weight I should give to the provider's country versus its technical and legal protections. Just to reiterate, I have read the rules.

thecybersecguru.com
u/NapierPalm — 3 days ago
▲ 21 r/security+2 crossposts

Booking.com has suffered a data breach

A phishing campaign targeting Booking.com hotel partners is abusing the ClickFix technique to steal hotel extranet credentials and access real guest reservation data. Attackers then impersonate hotels, sending convincing emails or WhatsApp messages that include actual booking details and trick travelers into making fake payments or revealing card information. Booking.com says its own systems weren't directly breached, but affected guests should ignore off-platform payment requests and verify any payment through the official Booking.com app or website.

thecybersecguru.com
u/NapierPalm — 2 days ago