Tag: android
-
Google releases June Android security patches addressing 124 vulnerabilities, including 1 zero-day
First seen on scworld.com Jump to article: www.scworld.com/brief/google-releases-june-android-security-patches-addressing-124-vulnerabilities-including-one-zero-day
-
Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited
Google on Monday released patches for 124 security vulnerabilities impacting its Android operating system for the month of June 2026, including one high-severity flaw in the Framework component that has come under active exploitation.Tracked as CVE-2025-48595 (CVSS score: 8.4), the security flaw has been described as a case of privilege escalation without requiring any user…
-
Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling
Available for Android 12 and later, the anti-scam feature is baked into Google Dialer, which sends a silent “confirmation signal” to ensure whoever’s calling you is who they appear to be. First seen on wired.com Jump to article: www.wired.com/story/android-is-fighting-phone-scams-with-a-new-feature-to-prove-whos-calling/
-
Google Patches Android Zero-Day Vulnerability in June 2026 Security Update
Google’s June 2026 Android update fixes dozens of flaws, including a potentially exploited Framework vulnerability and critical system bugs. The post Google Patches Android Zero-Day Vulnerability in June 2026 Security Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-june-2026-android-security-update/
-
Google Patches Android Zero-Day Under Active Exploitation
Google has patched CVE-2025-48595, an actively exploited Android zero-day that enables privilege escalation on affected devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/google-patches-android-zero-day-under-active-exploitation/
-
Google fixes actively exploited Android vulnerability (CVE-2025-48595)
Google has announced the June 2026 Android security updates, which fix a bucketload of vulnerabilities, including a high-severity vulnerability (CVE-2025-48595) in the Android … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/02/android-vulnerability-exploited-cve-2025-48595/
-
Google fixes one actively exploited Android zero-day, 124 flaws
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-fixes-one-actively-exploited-android-zero-day-124-flaws/
-
Android Zero-Day Vulnerability Actively Exploited in Device Takeover Attacks
Google has disclosed a critical Android zero-day vulnerability that is reportedly being actively exploited in targeted attacks, raising serious concerns about the risk of large-scale device compromise. The issue, tracked as CVE-2025-48595, was highlighted in the Android Security Bulletin for June 2026, released on June 1. Android Zero-Day Vulnerability According to Google, the vulnerability resides…
-
OpenAI Codex Authentication Tokens Stolen in codexui-android npm Supply Chain Attack
Tags: android, attack, authentication, breach, cybersecurity, github, malicious, openai, supply-chain, toolCybersecurity researchers have disclosed details of a new malicious supply chain campaign that’s targeting developers using OpenAI Codex through a legitimate-looking remote web UI.The tool, named codexui-android, is advertised on GitHub and npm as a remote web UI for OpenAI Codex, attracting over 29,000 weekly downloads. The package is still available for download from the…
-
BTMOB Android RAT Spreads Through No-Code Builder Tooling
BTMOB Android RAT sold as a service with a no-code builder for fast, regional phishing lures First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/btmob-android-rat-maas-builder/
-
Trapdoor ad fraud campaign used hundreds of Android apps
First seen on scworld.com Jump to article: www.scworld.com/brief/trapdoor-ad-fraud-campaign-used-hundreds-of-android-apps
-
Android Malware Secretly Signs Users Up for Premium Services
Android users are being targeted by a large-scale malware campaign that silently subscribes victims to premium mobile services without their knowledge. The malware campaign focuses on carrier billing fraud, abusing premium SMS services to generate revenue for attackers. What makes this operation particularly dangerous is its ability to target victims based on their mobile operator…
-
Fake Android Apps Commit Carrier Billing Fraud for Premium Services
The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/fake-android-apps-carrier-billing-fraud
-
Android Malware Spotted Subscribing Victims to Paid Services Without Consent
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills. First seen on hackread.com Jump to article: hackread.com/android-malware-subscribe-services-without-consent/
-
Fake Android Apps Commit Carrier Billing Fraud for Premium Svcs.
The disguised apps use WebView automation, JavaScript injection, and OTP interception to avoid detection and complete fraudulent subscriptions. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/fake-android-apps-carrier-billing-fraud
-
Android Malware Campaign Used Hundreds of Fake Apps to Silently Charge Users
Premium Deception campaign uses 250 Android apps to silently sign victims up to paid services First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/android-carrier-billing-fraud-four/
-
Trapdoor Android Ad Fraud Ring Abuses 455 Apps for Fake Clicks
A large-scale Android ad fraud campaign named “Trapdoor,” exposing a sophisticated ecosystem built on 455 malicious apps and 183 command-and-control (C2) domains. The operation combines malvertising, automated click fraud, and advanced evasion techniques to create a self-sustaining revenue loop that has generated massive fraudulent traffic across the digital advertising ecosystem. At its peak, Trapdoor generated…
-
DevilNFC Malware Traps Android Users in NFC Relay Attacks
A newly identified Android malware family named DevilNFC is raising concern among cybersecurity researchers for its advanced use of kiosk mode to trap victims during NFC relay attacks. These malware families mark a significant evolution in NFC relay threats. Unlike earlier campaigns dominated by Chinese-speaking Malware-as-a-Service ecosystems, DevilNFC and NFCMultiPay are developed by independent regional…
-
Android Ad Fraud Operation Generates 659M Bid Requests
Researchers Identify 455 Malicious Apps Tied to Global Malvertising Campaign. Cybercriminals used malicious Android apps to funnel unwitting users to an ad fraud scam that generated up to 659 million daily bid requests, reports Human Security. The scam has spanned 455 malicious Android apps and is linked to 183 threat actor-owned command-and-control domains. First seen…
-
Trapdoor Android Ad Fraud Scheme Hit 659 Million Daily Bid Requests Using 455 Apps
Tags: android, control, cybersecurity, fraud, infrastructure, intelligence, malicious, malware, threatCybersecurity researchers have disclosed details of a new ad fraud and malvertising operation dubbed Trapdoor targeting Android device users.The activity, per HUMAN’s Satori Threat Intelligence and Research Team, encompassed 455 malicious Android apps and 183 threat actor-owned command-and-control (C2) domains, turning the infrastructure into a pipeline for multi-stage fraud.”Users First seen on thehackernews.com Jump to…
-
Neuer QRCheck: Warum Android-Nutzer ohne Play-Dienste jetzt Probleme haben
First seen on t3n.de Jump to article: t3n.de/news/neuer-qr-captcha-check-android-ohne-play-dienste-probleme-1741877/
-
Google Project Zero Details Pixel 10 Zero-Click Exploit Chain
A powerful zero-click exploit chain for the Pixel 10 that can take an attacker from a remote Dolby decoding bug to full kernel control through a single vulnerable video processing driver. The work shows both how quickly Google can now patch critical issues and how shallow mistakes in vendor drivers can still undermine Android’s security…
-
Google Launches Android Spyware Forensics Tool for High-Risk Users
Google’s Android Advanced Protection Mode is getting a new feature allowing trusted security experts to investigate potential spyware infections First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/google-launches-android-spyware/
-
Android 17 to expand banking scam call and privacy protections
Android 17, expected to roll out next month, will introduce several security and privacy features focused on device theft, threat detection, and banking scam calls. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/android-17-to-expand-banking-scam-call-and-privacy-protections/
-
Google launches new Android security feature to help uncover spyware attacks
Intrusion Logging is a new part of Android’s Advanced Protection Mode, which aims to help protect human rights activists, journalists, and dissidents from government spyware attack and law enforcement forensic devices. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/12/google-launches-new-android-security-feature-to-help-uncover-spyware-attacks/
-
New TrickMo Variant Uses TON C2 and SOCKS5 to Create Android Network Pivots
Cybersecurity researchers have flagged a new version of the TrickMo Android banking trojan that uses The Open Network (TON) for command-and-control (C2).The new variant, observed by ThreatFabric between January and February 2026, has been observed actively targeting banking and cryptocurrency wallet users in France, Italy, and Austria.”TrickMo relies on a runtime-loaded APK (dex.module), First seen…
-
End”‘to”‘End Encrypted RCS Messaging Arrives Across iPhone and Android
Apple begins rolling out end-to-end encrypted RCS messaging between iPhone and Android in iOS 26.5 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-google-rcs-end-to-end/
-
Google macht es Android-Smartphones ohne Play-Dienste schwerer: Welche Auswirkungen das hat
First seen on t3n.de Jump to article: t3n.de/news/google-android-smartphone-ohne-play-dienste-schwerer-1741877/
-
Android banking Trojan TrickMo evolves using TON network for C2
ThreatFabric found a new TrickMo Android trojan focused on stealth and persistence, moving its command-and-control traffic to the TON network. Security researchers at ThreatFabric have recently identified a new version of TrickMo, a dangerous Android banking trojan that shows how malware operators are focusing less on flashy new features and more on improving stealth, flexibility,…
-
iOS 26.5 Brings Default EndEnd Encrypted RCS Messaging Between iPhone and Android
Apple on Monday officially released iOS 26.5 with support for end-to-end encryption (E2EE) to Rich Communication Services (RCS) in beta as part of a “cross-industry effort” to replace traditional SMS with a more secure alternative.To that end, E2EE RCS messaging is rolling out to iPhone users running iOS 26.5 with supported carriers and Android users…