Tag: mobile
-
The hidden smart fridge risks that emerge years after purchase
Household refrigerators are built to last more than a decade. The software, cloud services, and mobile apps that control them are not. A new analysis from Erik Buchmann at … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/12/iot-smart-fridge-risks/
-
Ivanti customers confront yet another actively exploited zero-day
Attackers are hitting a frequent target in the network edge space, intruding victim networks through a defect in a widely used mobile endpoint security product. First seen on cyberscoop.com Jump to article: cyberscoop.com/ivanti-epmm-zero-day-vulnerability-exploited/
-
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, vulnerabilityThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti warns customers…
-
Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access
Ivanti is warning that a new security flaw impacting Endpoint Manager Mobile (EPMM) has been explored in limited attacks in the wild.The high-severity vulnerability, CVE-2026-6973 (CVSS score: 7.2), is a case of improper input validation affecting EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1.It allows “a remotely authenticated user with administrative access to achieve remote code…
-
Ivanti warns of new EPMM flaw exploited in zero-day attacks
Tags: attack, endpoint, exploit, flaw, ivanti, mobile, remote-code-execution, update, vulnerability, zero-dayIvanti warned customers today to patch a high-severity remote code execution vulnerability in Endpoint Manager Mobile (EPMM) exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-new-epmm-flaw-exploited-in-zero-day-attacks/
-
Ten years later, has the GDPR fulfilled its purpose?
Tags: access, ai, breach, business, china, cio, compliance, data, data-breach, dora, finance, flaw, framework, GDPR, governance, government, international, jobs, law, mobile, office, privacy, regulation, risk, service, technology, tool, trainingFernando Maldonado, technology advisor at Foundry. MuleSoft. Gray areas remain: Still, if anything has been demonstrated in the decade since its entry into force, it’s that the GDPR still has a long way to go.Miguel Recio, president of APEP.IA (Spanish Professional Association for Privacy), argues that some of the limitations that have been exposed about the…
-
CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs
CloudZ is a new modular remote access trojan that abuses Microsoft’s built”‘in Phone Link feature to steal SMS one”‘time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”) is integrated into Windows 10 and 11 to mirror smartphone SMS messages, application notifications, call…
-
Google expands Android Binary Transparency to counter supply chain attacks
Supply chain attacks on mobile software have grown alongside the expanding role of phones in daily life, from payments to government IDs to AI features. Google is responding … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/google-android-binary-transparency/
-
Kochava Will Stop Selling ‘Sensitive Location’ Info
Litigation Initiated by the US FTC Leads to Settlement Restricting Data Broker. The Federal Trade Commission has banned an Idaho-based data broker from selling sensitive location data gathered from hundreds of millions of individuals’ mobile devices without their knowledge or consent. The proposed order ends several years of legal sparring between Kochava and the FTC.…
-
Google Update: Android Flaw Could Put Billions of Devices at Risk
Google patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk. The post Google Update: Android Flaw Could Put Billions of Devices at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-zero-click-rce-patch/
-
Google Update: Android Flaw Could Put Billions of Devices at Risk
Google patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk. The post Google Update: Android Flaw Could Put Billions of Devices at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-zero-click-rce-patch/
-
Google Update: Android Flaw Could Put Billions of Devices at Risk
Google patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk. The post Google Update: Android Flaw Could Put Billions of Devices at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-zero-click-rce-patch/
-
FTC to ban data broker Kochava from selling Americans’ location data
The FTC will ban data broker Kochava and its subsidiary, Collective Data Solutions (CDS), from selling location data without consumers’ explicit consent to settle charges alleging that it sold precise geolocation data collected from hundreds of millions of mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ftc-to-ban-data-broker-kochava-from-selling-americans-location-data/
-
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/
-
Smishing at Scale: What Our Expert Panel Revealed About the Mobile Phishing Supply Chain
Recap of the live panel hosted by Constella and WMC Global on April 30, 2026 â–¶ Watch the full recording If you’ve gotten a text recently warning you about an unpaid toll, a missed delivery, or suspicious activity on your bank account, you’ve interacted, however briefly, with one of the most sophisticated fraud… First seen…
-
Your work apps are quietly handing 19 data points to someone
Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/workplace-apps-data-collection-privacy/
-
Fake CAPTCHA Scam Uses SMS Pumping to Inflate Phone Bills
A newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does not require installing malicious software. Instead, it exploits telecom billing systems and affiliate revenue models…
-
Product showcase: SimpleX Chat removes user identifiers from messaging
SimpleX Chat is a free, private, open-source messenger that uses encryption and does not require user identifiers. It is available on mobile and desktop platforms, including … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/29/product-showcase-simplex-chat-secure-messaging/
-
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers.According to a new report published by Infoblox, the operation is believed…
-
7 Passkey Deployment Lessons from eBay, HubSpot, Revolut, and VicRoads
7 proven passkey deployment lessons from eBay, HubSpot, Revolut, and VicRoads. Covers enrollment design, mobile-first strategy, account recovery UX, device rotation handling, and the login success rate metric that actually predicts FIDO2 rollout success. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/7-passkey-deployment-lessons-from-ebay-hubspot-revolut-and-vicroads/
-
$80 Billion Lost to SMS Fraud Last Year. The Good News Is Wrong.
Mobile fraud losses are projected to decline in 2026. That headline is technically accurate and deeply misleading. The fraud is not going away. It is changing channels, picking up speed, and getting harder to stop. The number looks like progress. Global subscriber losses from SMS fraud, smishing, account takeover, and related mobile threats reached $80……
-
US clarifies mobile hotspots part of foreign router ban despite rarity of American made consumer kit
Silicon often from US, but the kit from APAC and elsewhere First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/fcc_does_a_doubletake_adds/
-
Toronto police arrest three in Canada’s first mobile SMS blaster case
Canadian police arrested three men over the use of a mobile “SMS blaster,” a device capable of impersonating a cellular tower to send mass phishing messages and disrupt mobile networks. First seen on therecord.media Jump to article: therecord.media/canada-sms-blaster-cybercriminals
-
Hackers Exploit SS7 and Diameter Flaws to Track Mobile Users Globally
A recent investigation by Citizen Lab has uncovered sophisticated, multi-year surveillance campaigns exploiting foundational vulnerabilities in global mobile networks. The report, titled >>Bad Connection,<< reveals how suspected commercial surveillance vendors (CSVs) weaponize the SS7 and Diameter signaling protocols to covertly track high-profile individuals across the globe without interacting directly with their devices. These findings underscore…
-
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities
Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure. First seen on cyberscoop.com Jump to article: cyberscoop.com/surveillance-campaigns-use-commercial-surveillance-tools-to-exploit-long-known-telecom-vulnerabilities/
-
They Built a Legendary Privacy Tool. Now They’re Sworn Enemies
There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love between the two guys at the center of its history. First seen on wired.com Jump to article: www.wired.com/story/they-built-privacy-tool-grapheneos-now-sworn-enemies/
-
A single platform powers SIM farm proxy networks across 17 countries
Racks of phones and 4G modems, connected to carrier networks and rented out as commercial mobile proxy services, are operating across at least 94 locations in 17 countries. An … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/sim-farm-proxy-network-cybercrime/
-
NGate Android malware uses HandyPay NFC app to steal card data
A new variant of the NGate malware that steals NFC payment data is targeting Android users by hiding in a trojanized version of HandyPay, a legitimate mobile payments processing tool. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ngate-android-malware-uses-handypay-nfc-app-to-steal-card-data/
-
Android-Trojaner gibt sich als Bank oder Behörde aus
Sicherheitsforscher von Infoblox und der vietnamesischen Organisation Chong Lua Dao haben eine weitreichende Malware-Infrastruktur aufgedeckt, die gezielt auf Mobile-Banking-Nutzer abzielt. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/android-trojaner-bank-oder-behoerde