Apple is making its phones harder to hack. NVIDIA has patched dangerous flaws. Companies face a new 2FA phishing threat, and Jaguar Land Rover shares an update after last week’s cyberattack.
Let's dig deeper into the details.
Salty2FA Phishing Kit Hits Enterprises
Hackers have found a new way to bypass two-factor authentication. A phishing kit called Salty2FA is targeting companies in the US and Europe. It can get around common methods like SMS codes, push notifications, and voice verification. Finance, energy, telecom, and education companies are the main targets.
What’s the Implication of this?
Even standard two-factor authentication can be bypassed, putting companies at risk.
What You Can Do
- Strengthen email security.
- Train employees to recognize phishing attempts.
- Use stronger authentication methods like security keys or authenticator apps.
Apple iPhone 17 and iPhone Air Add Extra Protection
Apple is taking steps to make iPhones harder to hack. The iPhone 17 and iPhone Air will feature a new "Memory Integrity Enforcement (MIE)" security function built into their A19 and A19 Pro chips. This will prevent unauthorized access to memory, blocking attempts that try to steal your data.
What’s the Implication of this?
These iPhones are better protected against spyware and malware like Pegasus.
What You Can Do
- Update to the latest iOS version, enable automatic updates.
- Avoid untrusted apps or suspicious links.
NVIDIA Fixes Flaws in NVDebug Tool
NVIDIA has released an urgent update for its NVDebug tool after discovering three major security flaws. The most critical, CVE-2025-23342 with a score of 8.2, involves weakly protected credentials that could let attackers gain full control of a system.
The second flaw, CVE-2025-23343, is a path traversal bug that could allow someone to write files in restricted areas and tamper with data. The third, CVE-2025-23344, is a command injection issue that could let attackers run their own code on a machine.
Together, these flaws create a clear path for attackers to escalate from limited access to full admin rights, putting systems and data at risk.
What’s the Implication of this?
It shows how dangerous unpatched developer tools can be. Attackers can turn them into a way to take full control of system
What You Can Do
- Update to NVDebug version 1.7.0 or later.
- Limit admin access and ensure only necessary people can use the tool.
Jaguar Land Rover Data Breach: Follow-Up
Jaguar Land Rover’s cyberattack is more serious than first thought. In our last roundup news, we reported that production paused in the UK.
The latest update shows that systems in China, Slovakia, and India were also affected. While JLR initially said customer data was safe, it now appears some information was compromised. The company is working with regulators to understand the full impact.
What’s the Implication of this?
Even large companies are vulnerable. Cyberattacks can disrupt production and compromise sensitive information.
What You Can Do
- Keep monitoring your JLR accounts for unusual activity.
- Be cautious with suspicious emails or calls.
- Follow the company’s guidance on protecting your data.
Cyber threats are more than the stories we just covered. They reach into every part of life. As digitization grows, everything from businesses to even smart homes has become a target.
You can stay prepared by checking out our cyber awareness programs.
Loved this? Join our newsletter for more updates and insights.