Top stories.
- Researchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.
- Santa Clara County files lawsuit against Meta over alleged advertising practices.
- IBM security executive eyed for CISA director.
Researchers craft a kernel exploit on Apple's M5 chips, with help from Mythos.
Researchers at Calif developed the first public macOS kernel memory-corruption exploit on Apple's M5 chips, despite the company's hardware-assisted Memory Integrity Enforcement (MIE) protections. Calif says the exploit was developed with assistance from Anthropic's Mythos model, which "discovered the bugs quickly because they belong to known bug classes." Bypassing MIE required human expertise, however.
The researchers state, "The exploit is a data-only kernel local privilege escalation chain targeting macOS 26.4.1 (25E253). It starts from an unprivileged local user, uses only normal system calls, and ends with a root shell. The implementation path involves two vulnerabilities and several techniques, targeting bare-metal M5 hardware with kernel MIE enabled." Calif has shared its findings with Apple and is withholding technical details until Apple issues a fix.
Santa Clara County files lawsuit against Meta over alleged advertising practices.
Santa Clara County in California has filed a lawsuit against Meta, alleging that the company is knowingly allowing scam ads to operate on its platforms to generate profits, the San José Spotlight reports. The lawsuit is based on a 2025 Reuters article claiming that internal Meta documents projected that 10% of its 2024 revenue would come from ads for scams and banned goods, and that the company raised ad prices for suspicious accounts rather than banning them. A company spokesperson told Reuters at the time that the documents "present a selective view that distorts Meta’s approach to fraud and scams," and that "[t]he assessment was done to validate our planned integrity investments – including in combatting frauds and scams – which we did."
A Meta spokesperson told the San José Spotlight in response to the lawsuit, "This claim relies on Reuters reporting that distorts our motives and ignores the full range of actions we take to combat scams every day. We aggressively fight scams on and off our platforms because they’re not good for us or the people and businesses that rely on our services."
IBM security executive eyed for CISA director.
Tom Parker, a security services lead at IBM, is the Trump administration's top choice for the next director of the US Cybersecurity and Infrastructure Security Agency (CISA), SC Media reports. Parker has two decades of experience in the cybersecurity industry, and currently serves as IBM's Global Lead for Growth & Strategy, Cybersecurity Services. He doesn't have any prior government experience, but Nextgov cites sources as saying that Homeland Security Secretary Markwayne Mullin is looking for a CISA director from the private sector.
Nick Andersen, CISA's Executive Assistant Director for Cybersecurity, has been serving as the agency's acting director since late February. The administration's former nominee, DHS Coast Guard advisor Sean Plankey, withdrew his nomination last month after waiting over a year for Senate confirmation. Plankey has since taken a role as CEO of London-based, Ukrainian-founded drone defense firm UFORCE.