Technology
Apple patches two zero-day flaws used in targeted attacks
NEWYou can now listen to Fox News articles!
Apple has released emergency security updates to fix two zero-day vulnerabilities that attackers actively exploited in highly targeted attacks.
The company described the activity as an “extremely sophisticated attack” aimed at specific individuals. Although Apple did not identify the attackers or victims, the limited scope strongly suggests spyware-style operations rather than widespread cybercrime.
Both flaws affect WebKit, the browser engine behind Safari and all browsers on iOS. As a result, the risk is significant. In some cases, simply visiting a malicious webpage may be enough to trigger an attack.
Below, we break down what these vulnerabilities mean and explain how you can better protect yourself.
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Apple released emergency updates after confirming two zero-day WebKit flaws were actively exploited in targeted attacks. (Reuters/Thomas Peter/File Photo)
NEW IPHONE SCAM TRICKS OWNERS INTO GIVING PHONES AWAY
What Apple says about the zero-day vulnerabilities
The two vulnerabilities are tracked as CVE-2025-43529 and CVE-2025-14174, and Apple confirmed that both were exploited in the same real-world attacks. According to Apple’s security bulletin, the flaws were abused on versions of iOS released before iOS 26, and the attacks were limited to “specific targeted individuals.”
CVE-2025-43529 is a WebKit use-after-free vulnerability that can lead to arbitrary code execution when a device processes maliciously crafted web content. To put it simply, it allows attackers to run their own code on a device by tricking the browser into mishandling memory. Apple credited Google’s Threat Analysis Group with discovering this flaw, which is often a strong indicator of nation-state or commercial spyware activity.
The second flaw, CVE-2025-14174, is also a WebKit issue, this time involving memory corruption. While Apple describes the impact as memory corruption rather than direct code execution, these types of bugs are often chained together with other vulnerabilities to fully compromise a device. Apple says this issue was discovered jointly by Apple and Google’s Threat Analysis Group.
In both cases, Apple acknowledged that it was aware of reports confirming active exploitation in the wild. That language is important because Apple typically reserves it for situations where attacks have already occurred, not just theoretical risks. The company says it addressed the bugs through improved memory management and better validation checks, without sharing deeper technical details that could help attackers replicate the exploits.
Devices affected and signs of coordinated disclosure
Apple has released patches across its supported operating systems, including the latest versions of iOS, iPadOS, macOS, Safari, watchOS, tvOS and visionOS.
According to Apple’s advisory, affected devices include iPhone 11 and newer models, multiple generations of iPad Pro, iPad Air from the third generation onward, the eighth-generation iPad and newer and the iPad mini starting with the fifth generation. This covers the vast majority of iPhones and iPads still in active use today.
Apple has patched the flaws across its entire ecosystem. Fixes are available in iOS 26.2 and iPadOS 26.2, iOS 18.7.3 and iPadOS 18.7.3, macOS Tahoe 26.2, tvOS 26.2, watchOS 26.2, visionOS 26.2 and Safari 26.2. Because Apple requires all iOS browsers to use WebKit under the hood, the same underlying issue also affected Chrome on iOS.
6 steps you can take to protect yourself from such vulnerabilities
Here are six practical steps you can take to stay safe, especially in light of highly targeted zero-day attacks like this.
REAL APPLE SUPPORT EMAILS USED IN NEW PHISHING SCAM
Because WebKit powers Safari and all iOS browsers, even a malicious webpage may be enough to put unpatched devices at risk. (Jakub Porzycki/NurPhoto via Getty Images)
1) Install updates as soon as they drop
This sounds obvious, but it matters more than anything else. Zero-day attacks rely on people running outdated software. If Apple ships an emergency update, install it the same day if you can. Delaying updates is often the only window attackers need. If you tend to forget about updates, let your devices handle them for you. Enable automatic updates for iOS, iPadOS, macOS and Safari. That way, you are protected even if you miss the news or are traveling.
2) Be careful with links, even from people you know
Most WebKit exploits start with malicious web content. Avoid tapping on random links sent over SMS, WhatsApp, Telegram or email unless you are expecting them. If something feels off, open the site later by typing the address yourself.
The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe.
Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android & iOS devices at Cyberguy.com.
3) Use a lockdown-style browsing setup
If you are a journalist, an activist or someone who deals with sensitive information, consider reducing your attack surface. Use Safari only, avoid unnecessary browser extensions, and limit how often you open links inside messaging apps.
4) Turn on Lockdown Mode if you feel at risk
Apple’s Lockdown Mode is designed specifically for targeted attacks. It restricts certain web technologies, blocks most message attachments, and limits attack vectors commonly used by spyware. It is not for everyone, but it exists for situations like this.
5) Reduce your exposed personal data
Targeted attacks often start with profiling. The more personal data about you that is floating around online, the easier it is to pick you as a target. Removing data from broker sites and tightening social media privacy settings can lower your visibility.
While no service can guarantee the complete removal of your data from the internet, a data removal service is really a smart choice. They aren’t cheap, and neither is your privacy. These services do all the work for you by actively monitoring and systematically erasing your personal information from hundreds of websites. It’s what gives me peace of mind and has proven to be the most effective way to erase your personal data from the internet. By limiting the information available, you reduce the risk of scammers cross-referencing data from breaches with information they might find on the dark web, making it harder for them to target you.
Check out my top picks for data removal services, and get a free scan to find out if your personal information is already out on the web by visiting Cyberguy.com.
Get a free scan to find out if your personal information is already out on the web: Cyberguy.com.
Apple urges users to install the latest updates, especially those who may face higher-risk, targeted threats. (Cheng Xin/Getty Images)
6) Pay attention to unusual device behavior
Unexpected crashes, overheating, sudden battery drain or Safari closing on its own can sometimes be warning signs. These do not automatically mean your device is compromised. However, if something feels consistently wrong, updating immediately and resetting the device is a smart move.
Kurt’s key takeaway
Apple has not shared details about who was targeted or how the attacks were delivered. However, the pattern fits closely with past spyware campaigns that focused on journalists, activists, political figures and others of interest to surveillance operators. With these patches, Apple has now fixed seven zero-day vulnerabilities that were exploited in the wild in 2025 alone. That includes flaws disclosed earlier this year and a backported fix in September for older devices.
Have you installed the latest iOS or iPadOS update yet, or are you still putting it off? Let us know by writing to us at Cyberguy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join my CYBERGUY.COM newsletter.
Copyright 2025 CyberGuy.com. All rights reserved.
Nothing’s next budget phone is the latest victim of RAMageddon. As 9to5Google reports, Nothing co-founder Akis Evangelidis announced in a post on X that a follow-up to the CMF Phone 2 Pro won’t be coming this year:
We were working on a successor but with memory prices where they are right now, we can’t build a phone that feels like a genuine step forward at a price that makes sense for CMF. As a result, we’ve decided not to launch a new CMF phone this year.
Last week, Nothing CEO and co-founder Carl Pei also said the RAM shortage has impacted the cost of the company’s mid-range phone, stating, “For Phone 4A, memory costs doubled between when we decided to build the device and when it launched. They’ve doubled again since.” According to Pei, “memory is now the most expensive component in a smartphone.” Nothing is far from the only company facing RAM pricing challenges — earlier this week, Tim Cook announced Apple will be raising prices, saying “the situation has become unsustainable.”
While there won’t be a new CMF phone this year, Evangelidis added in his post that CMF still has “several new products launching as well as some entirely new categories.” He also hinted that “the smartphone launch season at Nothing isn’t over yet.”
China approves world’s first commercial brain chip
Apple unveils new child safety tools, enabling parents to manage kid accounts, media access, communication, apps, and browsing. Tech companies like Meta, Roblox, YouTube and TikTok enhance safety with age verification, content moderation and time limits. China approves the world’s first commercial brain chip, raising privacy concerns.
NEWYou can now listen to Fox News articles!
A coin-sized brain chip in China could help people with paralysis control devices using their thoughts. China has approved a brain-computer interface called NEO for commercial medical use in certain patients with paralysis caused by spinal cord injuries. That moves brain-chip technology out of research trials and closer to real-world medical care.
Developed by researchers at Tsinghua University and Shanghai-based Neuracle Technology, NEO sits under the skull but rests on the brain’s protective outer layer rather than piercing deep into brain tissue. That design could make it less invasive than some competing implants.
For patients who have lost movement, this kind of technology could be life-changing. It could help restore a level of independence that once felt out of reach. But here’s where we need to slow down a bit. If a brain chip can turn your brain signals into digital commands, we need to ask who controls that data and how well it is protected.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
BRAIN IMPLANT ENABLES ALS PATIENT TO COMMUNICATE USING AI
China’s NEO brain implant could help some paralysis patients control devices, like prosthetic hands, with their thoughts while raising concerns over brain data privacy. (Tsinghua University)
What is China’s NEO brain chip?
NEO is a brain-computer interface, often called a BCI. These systems read brain activity and translate it into commands for an external device. In this case, the implant uses sensors placed near the brain’s motor-control area. Those signals can help a patient operate equipment such as a robotic glove or computer interface.
What makes NEO especially notable is its placement. Brain-computer interfaces can be designed in different ways, and some go deeper into the brain than others. The company most people know in this space is Neuralink, the brain-chip startup co-founded by Elon Musk. Its implant uses tiny threads that enter the brain’s cortex. NEO takes a less invasive approach by placing electrodes on the dura mater, which is the protective membrane around the brain.
That design matters because every brain implant carries medical risk. Surgery can cause bleeding, swelling, infection or tissue damage. Even a small complication in the wrong part of the brain can affect speech or movement.
China’s approval does not mean brain chips are suddenly available for anyone who wants one. This remains a medical device for a narrow group of patients. Right now, the focus centers on helping people with severe paralysis regain some digital or assisted movement control.
Why China’s brain chip breakthrough matters
The medical upside here is hard to deny. More than three billion people worldwide live with neurological conditions, according to the World Health Organization. That includes people dealing with stroke, epilepsy, Parkinson’s disease, spinal cord injuries and other serious conditions.
For someone who has spent years unable to move freely or communicate easily, even a small amount of restored control could feel enormous. That is why brain-computer interfaces are getting so much attention. They could give some patients a new way to interact with the world around them.
Neuralink has already shown what that can look like in real life. Audrey Crews, a Neuralink trial participant who has been paralyzed for years, publicly shared that she wrote her name using the implant by controlling her computer.
ELON MUSK SHARES PLAN TO MASS-PRODUCE BRAIN IMPLANTS FOR PARALYSIS, NEUROLOGICAL DISEASE
How China’s brain chip compares with Neuralink
Elon Musk’s Neuralink has attracted most of the public attention in the U.S. brain-chip race. Musk has talked openly about restoring movement, helping people communicate and one day addressing vision loss.
Neuralink received approval to begin human trials, and more than 20 people have reportedly received its implant through testing. However, it has not received broad FDA approval for general commercial use.
China’s NEO approval puts a different kind of pressure on the field. It shows that China wants to move brain-computer interface technology into its health system and build a major industry around it.
This also fits a larger pattern. China has made BCI development part of its strategic technology push. The country wants breakthroughs by 2027 and a globally competitive brain-computer interface industry by 2030.
The coin-sized NEO brain chip rests on the brain’s protective outer layer, making it less invasive than implants that pierce brain tissue. (Tsinghua University)
Why brain chip privacy is such a big concern
We already worry about phones listening, apps tracking location and smart TVs collecting viewing habits. Brain-computer interfaces take that concern to another level.
A BCI collects signals from the nervous system. Today, that may mean decoding movement intent, such as whether a patient wants to move a cursor left or right. But as the technology improves, the data could become more sensitive.
That raises some big questions. Who owns the brain data? Can it be sold, shared or used to train AI systems? Could an insurer, employer or government ever demand access? What happens if a company changes its privacy policy after the implant becomes part of someone’s daily life?
Those questions sound dramatic until you remember how many connected devices began as conveniences and turned into data pipelines.
A brain chip designed for medical help should not become another ad platform, another surveillance tool or another database waiting to be breached.
YOUR HEALTH DATA IS BEING SOLD WITHOUT YOUR CONSENT
Could hackers target brain-computer interfaces?
This is where the whole brain-chip conversation gets very serious. Any device that connects to a computer raises security questions. A brain-computer interface raises even bigger ones because it deals with signals from your body and, in some cases, the devices that help you move or communicate.
The concern here is someone getting access to neural data, device settings or the commands moving between the implant and outside equipment. Think about that for a second. If a brain chip helps someone control a robotic hand, a wheelchair or a communication device, a security failure could affect far more than privacy. It could affect that person’s independence and safety. That to me is scary.
Companies building these devices need to treat cybersecurity like part of the surgery, not some software update they figure out later. Encryption, strict access controls, medical-grade testing and clear update policies should be baked in from day one.
And because a brain implant may stay inside a person’s body for years, long-term support has to be part of the deal. No one should end up with an outdated implant in their head because a company moved on to the next big product launch.
What China’s brain chip means to you
For now, this technology is geared toward patients with serious medical needs. So, no, most of us are not lining up for a brain chip anytime soon. But this should still get your attention.
We already give up a lot of personal data through our phones, watches, cars and smart home devices. A brain implant takes that to a whole different level because the data comes from inside the body. That is about as personal as it gets.
Before this technology moves beyond hospitals and medical trials, patients need plain answers before they agree to anything. They should know who can access the data, how long it gets stored, whether it can be shared and whether it can help train AI systems.
The medical potential here is incredible. Helping someone regain control or communicate again could change a life. But the privacy protections need to be just as strong as the technology itself.
NEURALINK BRAIN IMPLANT HELPS ARIZONA MAN REGAIN CONTROL OF HIS LIFE
Brain-computer interfaces, like Neuralink, pictured here, could restore independence for some patients, but experts say neural data needs strong privacy and cybersecurity protections. (Neuralink)
Watch the CyberGuy Live replay: Lock Down Your Phone in 30 Minutes
Your phone holds your email, passwords, photos, banking apps and personal data. In this free CyberGuy Live replay, Kurt the CyberGuy walks you step by step through simple phone security fixes you can do at your own pace. You’ll learn how to improve your privacy settings, spot the latest phone scams, use trusted security tools and walk away with a simple checklist to stay protected. Watch the replay and get our checklist here: CyberGuyLive.com
Kurt’s key takeaways
China’s NEO brain chip could be a huge step forward for people living with paralysis. If this technology helps someone regain control or communicate again, that is powerful. But I also think we need to be very careful here. Once a device connects your brain signals to outside technology, the privacy stakes change fast. We are talking about data tied to your nervous system. That to me is the line we need to watch closely. Brain chips could do incredible good. But companies and governments need clear limits before this technology moves any further into everyday life. The promise is real. So are the risks. And when the data comes from inside your own head, “trust us” will never be enough.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Would you ever consider a brain implant if it could restore movement or communication, or does the privacy risk feel too personal to accept? Let us know by writing to us at CyberGuy.com.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
Relativity Space, the rocket company led by former Google executive Eric Schmidt, was picked to launch NASA’s Aeolus payload to Mars in 2028, as reported earlier by TechCrunch. Under a new public-private partnership, Relativity Space will provide the “spacecraft, rocket, and cruise operations” to fly Aeolus to Mars, where the payload will “provide the first integrated, daily, global view of Martian winds, temperatures, dust, and clouds.”
The Aeolus payload will have four instruments on board for studying the Martian atmosphere, which NASA says will “directly inform entry, descent, and landing systems and support safer, more predictable mission planning for astronauts.”
Schmidt, who served as CEO of Google from 2001 to 2011, became Relativity Space’s CEO in 2025, a couple of years after it launched the “world’s first 3D-printed rocket,” Terran 1, which failed shortly after launch. Relativity Space’s larger Terran R rocket isn’t scheduled to have its first launch until later this year.
-
Detroit, MI19 minutes agoToday in History: June 20, race-related rioting erupts in Detroit
-
San Francisco, CA29 minutes agoSan Francisco hotels see steady World Cup business, but fall short of Super Bowl surge
-
Dallas, TX34 minutes agoDallas International Piano Competition brings finalists June 23
-
Miami, FL41 minutes agoWhere to watch San Francisco Giants vs Miami Marlins: TV channel, start time, streaming for June 20
-
Boston, MA44 minutes agoDuck parades, outdoor drinking, and Gronk in a kilt. Here’s how Friday’s World Cup festivities unfolded. – The Boston Globe
-
Denver, CO49 minutes agoRockies ride Kyle Freeland’s gem, Braxton Fulford’s double to 4-3 win over Pirates
-
Seattle, WA56 minutes agoSuarez’s no-hit try ends on Naylor double in seventh, but Boston still tops Seattle
-
San Diego, CA59 minutes agoNeymar expected to return from right calf injury and play for Brazil in World Cup against Scotland
