🌙 Tekin Night May 27: Apple's Security Crisis & LA Metro Hack

🔒 Apple's Security Crisis: New CVE Details for macOS, iOS, and Other Operating Systems

In an unexpected move, Apple today (May 26, 2026) updated the security content pages for several versions of macOS, iOS, iPadOS, visionOS, and watchOS, adding new CVE details for vulnerabilities that were previously addressed in each update. This action reveals that some of the security vulnerabilities Apple patched in recent months were more serious and widespread than initially announced.

According to 9to5Mac's report, Apple published new security details for older versions like macOS Sonoma 14.8, iOS 18.7, and iPadOS 18.7, as well as newer versions like iOS 26, iPadOS 26, watchOS 26, and visionOS 26. These security updates include fixes for vulnerabilities in Siri, Calendar, Kernel, CoreServices, FaceTime, Phone, and SQLite.

What makes this disclosure particularly significant is the timing and scope. Apple released macOS Sonoma 14.8 in September 2025, yet only today revealed the full extent of vulnerabilities patched in that release. This delayed disclosure strategy suggests Apple may prefer to withhold complete vulnerability details until it's confident most users have updated their systems, preventing hackers from exploiting detailed technical information about unpatched devices.

The retrospective nature of these disclosures is particularly noteworthy. Apple's security documentation now reveals that iOS 26 and iPadOS 26 addressed over 60 CVEs, including 20 WebKit issues that could lead to crashes, exposure of sensitive user data, and security bypasses. The May 2026 security updates collectively patched over 170 vulnerabilities across Apple's entire ecosystem, from iOS 15.8.8 (supporting devices dating back to 2015 iPhones) to the latest macOS Tahoe 26.5.

Security researchers and enterprise IT administrators have long criticized Apple's delayed disclosure practices. While the company argues this approach protects users who haven't yet updated, critics contend it undermines trust and prevents security professionals from making fully informed risk assessments. The sheer volume of vulnerabilities—170+ in a single month—also raises questions about the security posture of Apple's increasingly complex software ecosystem.

🇮🇷 Iranian Hackers Behind LA Metro Attack: Gambit Security Report

In a major revelation, Israeli security researchers from Gambit Security announced that the March 2026 cyberattack on the Los Angeles transit system (LACMTA) was the work of Iranian state-sponsored hackers. This attack, which took weeks to recover from, is considered one of the most serious cyberattacks on U.S. critical infrastructure in 2026.

According to reports from TechCrunch and Reuters, Gambit Security stated in its report that the hackers work for Iran's Ministry of Intelligence and State Security (MOIS). A hacktivist group calling itself "Ababil of Minab" claimed responsibility for the attack, saying they stole and then deleted data from LACMTA's systems. The group's name references a U.S. airstrike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.

Gambit Security stated: "They are not a new, standalone hacktivist crew as they claim." This assertion is based on forensic evidence linking the group to a previous Iran-linked campaign, as well as activity attributed to MOIS by Israel's National Cyber Directorate. Gambit also investigated other attacks against companies in Israel, Saudi Arabia, and Turkey.

The technical sophistication of the attack is particularly concerning. According to The Next Web, the hackers reached LA Metro's rail yard management and train control display system, known internally as Division 11. This level of access suggests the attackers could have potentially disrupted physical rail operations, not just stolen data. The fact that they accessed virtualization infrastructure and web servers indicates a multi-vector attack that exploited multiple entry points.

If Gambit's assessment is correct, Ababil of Minab would be the latest in a series of fake hacktivist groups working for the Iranian government. The most recent example is Handala, which earlier this year hacked U.S. medical tech giant Stryker, wiping thousands of company systems and employee devices. Following the Stryker breach, the FBI seized two Handala websites, and the U.S. Justice Department accused Iran's government of being behind the hacktivist group and its attacks.

The geopolitical context is crucial. Iranian-linked hackers have increased their activities and claimed hacks after the U.S. and Israel started bombing Iran earlier this year. In April, a coalition of U.S. agencies warned that Iranian hackers were targeting American critical infrastructure. This LA Metro attack fits into a broader pattern of Iranian cyber retaliation against U.S. targets, escalating from symbolic attacks to operations targeting critical infrastructure that millions of Americans depend on daily.

📱 iOS 26.6 Beta 1: What Apple Did (Not) Bring

Apple today released the first beta of iOS 26.6 and iPadOS 26.6 for developers, but users are struggling to find anything new. This minor update arrived two weeks after the official release of iOS 26.5 and iPadOS 26.5, and appears to focus primarily on behind-the-scenes improvements rather than user-facing features that iPhone owners would immediately notice.

According to reports from 9to5Mac and MacRumors, Tuesday's software update increases the build number to 23G5028e, up from the 23F77 build number of iOS 26.5. Though the iOS 26.6 beta is a relatively light release feature-wise, it does include two significant changes: an Apple Maps security upgrade and a new Contacts feature that notifies users when they try to exceed the blocked contacts limit.

Macworld reported that users may struggle to identify any notable new features or changes. This minor update appears to focus primarily on behind-the-scenes improvements rather than user-facing enhancements that iPhone owners would immediately notice. However, the reality is that iOS 26.6 is a bridge to iOS 27, which is expected to be unveiled at WWDC 2026 on June 8.

The timing of this release is strategic. With WWDC just two weeks away, Apple is ensuring iOS 26 is as stable and bug-free as possible before shifting focus to iOS 27. Phone Arena noted that iOS 26.6 beta could be the first opportunity for iPhone users to experience the eagerly awaited Siri 2.0 update, though that seems unlikely given the minimal changes in beta 1. More realistically, iOS 26.6 will be a maintenance release that sets the stage for the AI-powered features coming in iOS 27.

💔 The Death of Fitbit: Google Health and User Revolt

The Fitbit app is no more. Along with the launch of the new Fitbit Air (which you can expect a full review of once we've spent more time with it), Google has officially replaced it with Google Health, as previously announced, and many of the responses we've seen so far are full of confusion, frustration, and requests to get the old app back.

According to The Verge's report, one post on Reddit calls out a common issue, saying, "I can't even completely fill up my home screen. They only have 2 large tiles available and I can't just scroll down to see everything." The landing page has a small section up top showing steps and some other basic stats, but part of the app's main page is now reserved for recent activity updates and chatty notes from Google's AI health coach.

The AI didn't have much to say to some users, but for The Verge's senior editor Richard Lawler, it started a conversation about today's plans that he wasn't quite ready to have with a chatbot. Not everyone is annoyed by the AI bot, however, with one person commenting, "When I ask it to design a moderate workout using my office gym equipment, circuit style, I usually end up feeling great afterwards." Another person called it "quite a helpful feature," showing how they were able to update their sleep log with a missed session by chatting with the AI bot.

Another user said, "This graphic UI looks like something an 8 year old would make," while someone else complained, "Why must I now scroll through paragraphs of AI slop on every tab before I can actually see my activities and data? I don't want or need to read platitudes about my 15 minute walk to the grocery store. I want to see my stats from my morning run."

One post on Google's help center sums things up, saying, "This app is a huge disappointment and a total time drain to get minimal results. How can I get back to using what worked?!" Many others were in agreement, with one reply saying, "it's no longer a genuine fitness app." The frustration is palpable across Reddit, Google's support forums, and social media, with users feeling that Google prioritized AI integration over user experience.

According to a support page, if you have a supported wearable connected, Google Health shows two additional tabs for Fitness and Sleep that would make things easier. However, many users don't have compatible wearables or are using third-party devices. While Google's Rishi Chandra told The Verge earlier this month that Google Health will eventually support third-party wearables, that support isn't available yet, leaving many users frustrated with a degraded experience.

🛡️ Dashlane and KnowBe4 Integration: The Future of Security Training

In a revolutionary move in the cybersecurity industry, Dashlane and KnowBe4 unveiled a first-of-its-kind integration that transforms security awareness into proactive defense. This integration, announced in April 2026, combines the Dashlane Omnix platform with KnowBe4 to create a closed-loop system that connects real-time credential threat detection with immediate, contextual security education.

According to Dashlane's report, this integration bridges the response gap by detecting compromised credential usage or phishing threats and immediately triggering relevant training for at-risk end users. In other words, when an employee makes a security mistake, the system immediately activates targeted training for that employee.

The integration hinges on a RESTful API framework, enabling real-time data exchange between password vaults and security awareness platforms. By exposing endpoints for credential breach alerts and user behavior analytics, the integration creates a feedback loop that refines training modules dynamically. This technical architecture allows for sub-second response times, ensuring that training is delivered while the security incident is still fresh in the user's mind.

Frederic Rivain from Dashlane and Erich Kron from KnowBe4 joined the Apple @ Work podcast to discuss this new integration and the future of security training. They emphasized that traditional security training is often conducted after an incident occurs, but this integration moves training to the moment risk is detected. This "just-in-time" approach is far more effective because it leverages the psychological principle of immediate feedback—people learn best when consequences are immediate and relevant.

The integration also addresses a critical gap in enterprise security: the disconnect between detection and education. Most organizations have tools to detect security threats and separate tools to train employees, but these systems don't communicate. An employee might click a phishing link on Monday, but not receive training about phishing until the quarterly security awareness session three months later. By that time, the lesson is abstract and disconnected from the employee's actual behavior. The Dashlane-KnowBe4 integration solves this by making training immediate, specific, and contextual.

💰 Lenovo Idea Tab: Half the Price of iPad with Better Specs

In a bold move to challenge Apple's dominance in the tablet market, Lenovo has released its Idea Tab 11" 2.5K at less than half the price of Apple's cheapest iPad. This Android tablet, featuring a 2.5K display, MediaTek Dimensity 6300 processor, 8GB RAM, and 128GB storage, presents a compelling option for those seeking a powerful tablet at an affordable price.

According to IGN's report, the spacious 11" screen features a 2.5K (2560x1600) resolution and a pixel density of 274ppi, which is technically sharper than the standard iPad's "Retina" display. The IPS panel offers wide viewing angles and accurate color reproduction, and the touchscreen interface boasts an anti-fingerprint coating to resist smudges.

The MediaTek Dimensity 6300 processor handles tasks smoothly, and 8GB of RAM ensures apps stay open without reloading. Android 15 keeps things up to date, and Lenovo has promised to support the tablet up to Android 17 and provide security patches until 2029. This level of long-term support is impressive for an Android tablet in this price range.

The display uses TÜV Rheinland Low Blue Light hardware which can help avoid eye strain and keep users from feeling fatigue set in after extended use. The 90Hz refresh rate provides a smoother scrolling and interaction experience compared to standard 60Hz tablets. For media consumption, the 11" screen size hits a sweet spot—large enough for comfortable video watching, but portable enough for one-handed use.

However, the Lenovo Idea Tab faces significant challenges in competing with the iPad ecosystem. While the hardware specs are impressive for the price, the Android tablet ecosystem remains significantly weaker than iPadOS. Many popular apps either don't have Android tablet versions or offer inferior experiences compared to their iPad counterparts. Professional creative apps like Procreate, LumaFusion, and Affinity Designer are iPad-exclusive, limiting the Idea Tab's appeal to creative professionals.

The MediaTek Dimensity 6300, while capable for everyday tasks, can't match the raw performance of Apple's M-series chips or even the A-series chips in base iPads. For demanding tasks like video editing, 3D modeling, or high-end gaming, the iPad remains the superior choice. Additionally, Apple's ecosystem integration—seamless handoff between devices, AirDrop, iCloud sync—provides value that's difficult to quantify in a spec sheet but makes a real difference in daily use.