Apple Bounty, Android Attack, Surveillance & MANGO Breach – 10/15/2025
Today’s privacy landscape is marked by both proactive security measures and emerging threats. Apple’s enhanced bug bounty program highlights the industry’s focus on combating sophisticated spyware, while a novel Android attack demonstrates the evolving tactics of data extraction. Additionally, revelations about a global surveillance empire and a data breach at fashion retailer MANGO underscore the persistent challenges in safeguarding personal information.
Top 5 Critical Privacy Alerts
- Apple’s Bug Bounty Program: Apple is offering a $2M bounty for zero-click exploits, aiming to combat mercenary spyware attacks. The program includes increased rewards for Lockdown Mode bypasses and iCloud access exploits.
- New Android Pixnapping attack steals MFA codes pixel-by-pixel: A malicious Android app can extract sensitive data by stealing pixels and reconstructing them. This side-channel attack requires no permissions.
- The Surveillance Empire That Tracked World Leaders, a Vatican Enemy, and Maybe You: First Wap’s European founders built a phone-tracking empire operating from Jakarta. Their reach extends from the Vatican to the Middle East to Silicon Valley.
- Clothing giant MANGO discloses data breach exposing customer info: Spanish fashion retailer MANGO warns customers of a data breach at its marketing vendor. The breach exposed personal data.
- F5 says hackers stole undisclosed BIG-IP flaws, source code: Nation-state hackers breached F5 and stole undisclosed BIG-IP security vulnerabilities and source code. Patches have been released to address the stolen vulnerabilities.
Apple
- Apple’s Bug Bounty Program: Apple is offering a $2M bounty for zero-click exploits, aiming to combat mercenary spyware attacks. The program includes increased rewards for Lockdown Mode bypasses and iCloud access exploits.
Cybersecurity
- Incident Response Defenses: Can You Take Advantage of a Cyber Program Safe Harbor?: Many organizations are budgeting and planning for data incident preparedness. Several states have safe harbor provisions for organizations with cyber programs.
Data Breach
- Incident Response Defenses: Can You Take Advantage of a Cyber Program Safe Harbor?: Many organizations are budgeting and planning for data incident preparedness. Several states have safe harbor provisions for organizations with cyber programs.
Data Security
- Incident Response Defenses: Can You Take Advantage of a Cyber Program Safe Harbor?: Many organizations are budgeting and planning for data incident preparedness. Several states have safe harbor provisions for organizations with cyber programs.
Microsoft
- Microsoft: Sept Windows Server updates cause Active Directory issues: Microsoft confirms that the September 2025 security updates are causing Active Directory issues on Windows Server 2025 systems. Details are emerging.
- Final Windows 10 Patch Tuesday update rolls out as support ends: Microsoft released the final free update for Windows 10 as it reaches the end of its support lifecycle. This marks the end of an era.
- Microsoft: Exchange 2016 and 2019 have reached end of support: Microsoft reminds that Exchange Server 2016 and 2019 have reached the end of support. IT admins should upgrade to Exchange Server SE or migrate to Exchange Online.
Mobile
- New Android Pixnapping attack steals MFA codes pixel-by-pixel: A malicious Android app can extract sensitive data by stealing pixels and reconstructing them. This side-channel attack requires no permissions.
Security
- F5 releases BIG-IP patches for stolen security vulnerabilities: F5 released security updates to address BIG-IP vulnerabilities stolen in a breach detected on August 9, 2025. Apply the patches immediately.
- Clothing giant MANGO discloses data breach exposing customer info: Spanish fashion retailer MANGO warns customers of a data breach at its marketing vendor. The breach exposed personal data.
- How to spot dark web threats on your network using NDR: Dark web activity can hide in plain sight within network traffic. Corelight’s NDR platform provides visibility and AI-driven detection.
- F5 says hackers stole undisclosed BIG-IP flaws, source code: Nation-state hackers breached F5 and stole undisclosed BIG-IP security vulnerabilities and source code. Patches have been released to address the stolen vulnerabilities.
- Malicious crypto-stealing VSCode extensions resurface on OpenVSX: A threat actor is targeting developers with malicious VSCode extensions to steal cryptocurrency and plant backdoors. Be cautious when installing extensions.
- New Android Pixnapping attack steals MFA codes pixel-by-pixel: A malicious Android app can extract sensitive data by stealing pixels and reconstructing them. This side-channel attack requires no permissions.
Surveillance
- The Surveillance Empire That Tracked World Leaders, a Vatican Enemy, and Maybe You: First Wap’s European founders built a phone-tracking empire operating from Jakarta. Their reach extends from the Vatican to the Middle East to Silicon Valley.
Uncategorized
- Opt Out October: Daily Tips to Protect Your Privacy and Security: EFF provides daily tips to protect your privacy and security during Opt Out October. Learn how to opt out of tech giant surveillance.
- Digital ID: Danes and Estonians find it ‘pretty uncontroversial’: Citizens in Denmark and Estonia have enrolled in digital ID systems with little opposition. The UK is planning a similar system.
- OpenAI will allow verified adults to use ChatGPT to generate erotic content: OpenAI plans to relax restrictions on ChatGPT, allowing erotic content for verified adult users. Age verification methods are forthcoming.
Exploits
- Apple’s Bug Bounty Program: Apple is offering a $2M bounty for zero-click exploits, aiming to combat mercenary spyware attacks. The program includes increased rewards for Lockdown Mode bypasses and iCloud access exploits.
Spyware
- Apple’s Bug Bounty Program: Apple is offering a $2M bounty for zero-click exploits, aiming to combat mercenary spyware attacks. The program includes increased rewards for Lockdown Mode bypasses and iCloud access exploits.
Vulnerabilities
- Apple’s Bug Bounty Program: Apple is offering a $2M bounty for zero-click exploits, aiming to combat mercenary spyware attacks. The program includes increased rewards for Lockdown Mode bypasses and iCloud access exploits.
Operating on the philosophy that 'you can't build a secure system if you don't know how to break it,' Chris leads our engineering division. A top 1% National Cyber League competitor, he hardens our digital infrastructure against the very exploits he has mastered.