r/secithubcommunity

Multiple users reported that Apple’s security protections suddenly began identifying the desktop app as potential malware, automatically moving it to the Trash and displaying warnings that it could damage their computers.

The issue appears linked to a third-party dependency or revoked software certificate potentially associated with suspicious activity tied to North Korean threat actors.

The incident highlights a growing software supply chain problem, modern applications rely on countless external components, and a single compromised dependency can trigger large-scale trust failures across legitimate software ecosystems.

r/SECITHUBCOMMUNITY Cyber incidents and data breach news explained with context and impact. Share your insights.

Excerpt:

A security researcher decompiled the White House’s new official app and found some alarming stuff buried in the code, including a hidden GPS tracking pipeline, JavaScript loaded from a random GitHub account, no SSL certificate pinning, and an in-app browser that silently strips cookie consent dialogs and paywalls from every page you visit.

A video of Warren Buffett opened Berkshire Hathaway’s annual meeting until CEO Greg Abel revealed it wasn’t real, but a deepfake built entirely from publicly available data.

Watch Now

The demo showed how easily voice and image can be replicated without any direct access, highlighting a growing risk: attackers don’t need to hack systems if they can convincingly impersonate trusted figures. Berkshire confirmed this isn’t theoretical, noting deepfakes are already being used in attempts to penetrate the business.

This marks a clear shift in cyber risk from technical exploits to identity-driven attacks, where trust itself becomes the attack surface.

r/SECITHUBCOMMUNITY Cyber incidents and data breach news explained with context and impact.