Microsoft and Apple have addressed a critical vulnerability identified as CVE-2025-31199 in macOS Spotlight, with Apple deploying a fix promptly after Microsoft discovered the flaw. The vulnerability, dubbed "Sploitlight," was analyzed in detail by Microsoft Security Blog and has raised awareness about the security risks in macOS's Transparency, Consent, and Control (TCC) system. Meanwhile, a separate critical flaw has been exposed in the Vibe-Coding platform Base44, which affected various applications. In addition, the sex toy manufacturer Lovense has been found to have a security flaw in its app that leaks users' email addresses and potentially allows account takeovers without a password, raising privacy concerns. Cybersecurity experts emphasize that browsers have become the primary battleground for cyberattacks, with phishing, information stealers, and token hijacking techniques bypassing multi-factor authentication to target SaaS logins and compromise organizations. This evolving threat landscape highlights the importance of vigilant identity protection and monitoring in cybersecurity strategies.