LAPC Networking Inc.

02/04/2026

01/20/2026

Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.

01/15/2026

12/27/2025

12/15/2025

Researchers have found Android malware that holds your files and your device hostage until you pay the ransom.

11/03/2025

LastPass has alerted users about a new phishing attack that claims the recipient has died. According to the message, a family member has submitted a death certificate to gain access to the recipient’s password vault. A link in the phishing email, supposedly to stop the request, leads to a fake page that asks for the LastPass user’s master password.

Legacy request opened
Image courtesy of LastPass
“Legacy Request Opened (URGENT IF YOU ARE NOT DECEASED)
A death certificate was uploaded by a family member to regain access to the Lastpass account
If you have not passed away and you believe this is a mistake, please reply to this email with STOP”
LastPass links this campaign to CryptoChameleon (also known as UNC5356), a group that previously targeted cryptocurrency users and platforms with similar social engineering attacks. The same group used LastPass branding in a phishing kit in April 2024.

The phishing attempt exploits the legitimate inheritance process, which is an emergency access feature in LastPass that allows designated contacts request access to a vault if the account holder dies or becomes incapacitated.

Stealing someone’s password manager credentials gives attackers access to every login stored inside. We recently reported on an attempt to steal 1Password credentials.

Lastpass also notes that:

“Several of the phishing sites are clearly intended to target passkeys, reflecting both the increased interest on the part of cybercriminals in passkeys and the increased adoption on the part of consumers.”
Passkeys are a very secure replacement for passwords. They can’t be cracked, guessed or phished, and let you log in easily without having to type a password every time. Most password managers—like LastPass, 1Password, Dashlane, and Bitwarden—now store and sync passkeys across devices.

Because passkeys often protect high-value assets like banking, crypto wallets, password managers, and company accounts—they’ve become an attractive prize for attackers.

Advice for users

While passkeys themselves cannot be phished via simple credential theft, attackers can trick users into:

Registering a new passkey on a malicious site or a fake login page
Approving fraudulent device syncs or account transfers
Disabling passkeys and reverting to weaker login methods, then stealing those fallback credentials
LastPass and other security experts recommend:

Never enter your master password on links received via email or text.
Understand how passkeys work and keep them safe.
Only logging into your password manager via official apps or bookmarks.
Be wary of urgent or alarming messages demanding immediate action.
Remember that legitimate companies won’t ask for sensitive credentials via email or phone.
Use an up-to-date real-time anti-malware solution preferably with a web protection module.

10/28/2025

10/07/2025

APPLE FIXES CRITICAL FONT PROCESSING BUG
Update now!

Apple has released important security updates to address a critical vulnerability in FontParser—the part of MacOS/iOS/iPadOS that processes fonts.

Identified as CVE-2025-43400, the flaw was discovered internally by Apple and allows an attacker to craft a malicious font that can cause apps to crash or corrupt process memory, potentially leading to arbitrary code ex*****on.

While Apple hasn’t said it’s being actively exploited, similar bugs have been used in jailbreaks and spyware attacks in the past, so it’s smart to patch it promptly.

How to update your devices

How to update your iPhone or iPad

For iOS and iPadOS users, you can check if you’re using the latest software version, go to Settings > General > Software Update. It’s also worth turning on Automatic Updates if you haven’t already. You can do that on the same screen.

iPadOS update available for CVE-2025-43400
How to update macOS on any version

To update macOS on any supported Mac, use the Software Update feature, which Apple designed to work consistently across all recent versions. Here are the steps:

Click the Apple menu in the upper-left corner of your screen.
Choose System Settings (or System Preferences on older versions).
Select General in the sidebar, then click Software Update on the right. On older macOS, just look for Software Update directly.
Your Mac will check for updates automatically. If updates are available, click Update Now (or Upgrade Now for major new versions) and follow the on-screen instructions. Before you upgrade to macOS Tahoe 26, please read these instructions.
Enter your administrator password if prompted, then let your Mac finish the update (it might need to restart during this process).
Make sure your Mac stays plugged in and connected to the internet until the update is done.
How to update Apple Watch

Ensure your iPhone is paired with your Apple Watch and connected to Wi-Fi.
Keep your Apple Watch on its charger and close to your iPhone.
Open the Watch app on your iPhone.
Tap General > Software Update.
If an update appears, tap Download and Install.
Enter your iPhone passcode or Apple ID password if prompted.
Your Apple Watch will automatically restart during the update process. Make sure it remains near your iPhone and on charge until the update completes.

How to update Apple TV

Turn on your Apple TV and make sure it’s connected to the internet.
Open the Settings app on Apple TV.
Navigate to System > Software Updates.
Select Update Software.
If an update appears, select Download and Install.
The Apple TV will download the update and restart as needed. Keep your device connected to power and Wi-Fi until the process finishes.

Updates for your particular device

Name and information link Available for
iOS 26.0.1 and iPadOS 26.0.1 iPhone 11 and later, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 8th generation and later, and iPad mini 5th generation and later
iOS 18.7.1 and iPadOS 18.7.1 iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
macOS Tahoe 26.0.1 macOS Tahoe
macOS Sequoia 15.7.1 macOS Sequoia
macOS Sonoma 14.8.1 macOS Sonoma
visionOS 26.0.1 Apple Vision Pro
watchOS 26.0.2 no published CVE entries. Apple Watch Series 6 and later
tvOS 26.0.1 no published CVE entries. Apple TV HD and Apple TV 4K (all models)
Technical details

The vulnerability tracked as CVE-2025-43400 was described as an out-of-bounds write issue in FontParser that, when exploited, could cause the processing of a maliciously crafted font to lead to unexpected app termination or corrupt process memory.

An out-of-bounds write vulnerability means that the attacker can manipulate parts of the device’s memory that should be out of their reach. Such a flaw in a program allows it to read or write outside the bounds the program sets, enabling attackers to manipulate other parts of the memory allocated to more critical functions. Attackers can write code to a part of the memory where the system executes it with permissions that the program and user should not have.

Typically, fonts are safe and standardized files used daily in countless apps and websites, but due to this vulnerability an attacker can create a specially crafted font file containing manipulated data that exploits vulnerabilities in the font processing engine of the operating system. When this malicious font is loaded by an app or system process, it can trigger memory corruption or crashes. In worst-case scenarios, this can enable attackers to execute harmful code remotely, gaining control over the device.

Given that fonts are widely used and often processed silently in the background, font vulnerabilities pose a significant risk vector for attackers aiming to compromise devices.

09/22/2025

UPDAY YOUR CHROME TODAY : Google patches 4 vulnerabilities including one zero-day

Google has released an update for its Chrome browser to patch four security vulnerabilities, including one zero-day. A zero-day vulnerability refers to a bug that has been found and exploited by cybercriminals before the vendor even knew about it (they have “zero days” to fix it).

This update is crucial since it addresses one vulnerability which is already being actively exploited and, reportedly, can be abused when the user visits a malicious website. It probably doesn’t require any further user interaction, which means the user doesn’t need to click on anything in order for their system to be compromised.

The Chrome update brings the version number to 140.0.7339.185/.186 for Windows, Mac and 140.0.7339.185 for Linux.

The easiest way to update Chrome is to allow it to update automatically, but you can end up lagging behind if you never close your browser or if something goes wrong—such as an extension stopping you from updating the browser.

To manually get the update, click the more menu (three stacked dots), then choose Settings > About Chrome. If there is an update available, Chrome will notify you and start downloading it. Then all you have to do is reload Chrome in order for the update to complete, and for you to be safe from the vulnerabilities.

Chrome is up to date
You can find more elaborate update instructions and how to read the version number in our article on how to update Chrome on every operating system.

Technical details on the zero-day vulnerability

Google describes the zero-day vulnerability tracked as CVE-2025-10585 as a type confusion in V8. Reported by Google Threat Analysis Group on 2025-09-16.

Despite the short statement—Google never reveals a lot of details until everyone has had a chance to update—there are a few conclusions we can draw.

It helps to know that V8 is Google’s open-source Javascript engine.

A “type confusion” vulnerability happens when code doesn’t verify the object type passed to it and then uses the object without type-checking. So, a program mistakenly treats one type of data as if it were another, like confusing a list for a single value or interpreting a number as text. This mix-up can cause the software to behave unpredictably, creating opportunities for attackers to break in, steal data, crash programs, or even run malicious code.

Google’s Threat Analysis Group (TAG) focuses on spyware and nation-state attackers who abuse zero days for espionage purposes.

So, it stands to reason that an attacker used Javascript to create a malicious site that exploited this vulnerability and lured targeted victims to that website.

TAG reported the bug on September 16, and Google issued the patch one day later. That implies that the bug was urgent, or very easy to fix, and probably that both of those statements are true to some extent.

Usually, as more details become known or a patch gets reverse engineered, cybercriminals will start using the vulnerability in less targeted attacks.

Users of other Chromium-based browsers, such as Microsoft Edge, Brave, Opera, and Vivaldi, are also advised to keep an eye out for updates and install them when they become available.

09/09/2025

Process of back glass removal with out laser machine !

09/04/2025