Cyber Security Headlines runC Docker threats, lost iPhone scam, Landfall spyware warning
7 snips
Nov 10, 2025 In this episode, vulnerabilities in runC could allow hackers to escape Docker containers, posing a serious risk. A warning about a phishing scam targeting lost iPhones reveals how thieves exploit contact info to steal Apple IDs. Additionally, Unit 42 highlights Landfall spyware, which can compromise Samsung Galaxy phones through malicious images. The discussion also touches on the implications of AI chat traffic patterns on privacy and recent efforts to address data security failures in education.
AI Snips
Chapters
Transcript
Episode notes
RunC Flaws Threaten Container Isolation
- RunC is the OCI reference runtime handling namespaces, mounts, and cgroups for Docker and Kubernetes.
- Three new CVEs show flaws can let attackers bypass container isolation and access the host.
Don't Trust 'Found iPhone' Texts
- Ignore unsolicited SMS or email claiming Apple's Find My team found your phone.
- Do not enter Apple ID credentials from texts and verify messages through official Apple channels.
Landfall Uses Image Zero-Day To Spy
- Landfall spyware abused a zero-day in Samsung image libraries to infect Galaxy phones via malicious DNG files.
- The campaign used WhatsApp-delivered DNGs to enable audio recording, location tracking, and data theft without user interaction.