Tag: mobile
-
California Tax Refund Mobile Phish
A new round of mobile phish is imitating the State of California’s “Franchise Tax Board” in a round of phishing sites that are gaining prominence in the past few days. I visited ftb.ca-gov-sg[.]top/notice from a burner phone to see how the scheme works (the page doesn’t load from the Windows browsers I tested.) After harvesting…
-
Indirect Prompt Injection Attacks Against LLM Assistants
Tags: attack, automation, control, data, disinformation, email, framework, google, injection, LLM, malicious, mitigation, mobile, phishing, risk, risk-assessment, threat, toolReally good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware”, maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of…
-
Microsoft-backed boffins show mega speed boost with hollow-core fiber
Could dramatically reduce latency between datacenters and on mobile nets First seen on theregister.com Jump to article: www.theregister.com/2025/09/01/hollowcore_optical_fiber_research/
-
MobSF Vulnerability Allows Attackers to Upload Malicious Files
Tags: application-security, cyber, exploit, flaw, framework, malicious, mobile, open-source, vulnerabilityCritical security flaws discovered in Mobile Security Framework (MobSF) version 4.4.0 enable authenticated attackers to exploit path traversal and arbitrary file write vulnerabilities, potentially compromising system integrity and exposing sensitive data. Two significant vulnerabilities have been identified in the popular Mobile Security Framework (MobSF), a widely-used open-source mobile application security testing platform. The flaws, tracked…
-
Threat Actors Use Facebook Ads to Deliver Android Malware
Cybercriminals are increasingly turning their sights from desktop to mobile, exploiting Meta’s advertising platform to distribute a sophisticated Android banking trojan disguised as a free TradingView Premium app. Bitdefender Labs warns that these threat actors have shifted tactics after months of targeting Windows users with fake trading and cryptocurrency ads, now focusing worldwide on smartphone…
-
Spotify Launches Direct Messaging Feature Amid Security Concerns
Spotify this week unveiled a newDirect Messagingfeature, enabling users to share songs, podcasts and audiobooks within the app. While the move promises streamlined recommendations and deeper engagement among friends, it also raises fresh security and privacy considerations. Rolling out to Free and Premium users aged 16 and older in select markets on mobile devices, the…
-
Social media apps that aggressively harvest user data
Both domestic and foreign technology companies collect vast amounts of Americans’ personal data through mobile applications, according to Incogni. Some apps leverage data for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/27/social-media-apps-data-privacy/
-
TDL003 – Breaking Barriers: IPv6 Adoption and DNS Transformation with Tommy Jensen
Tags: access, ai, apple, attack, backup, banking, browser, business, ceo, chrome, ciso, compliance, computer, computing, control, country, credentials, cybersecurity, data, data-breach, ddos, dns, encryption, endpoint, google, government, group, international, Internet, jobs, law, microsoft, mobile, network, phishing, phone, privacy, programming, radius, risk, service, smishing, strategy, switch, technology, threat, update, vpn, windows, zero-trustSummary This episode of the Defender’s Log features special guest Tommy Jensen, an internet technologist specializing in IPv6, Zero Trust, and standards. Jensen’s career path, from an AppleCare contractor to a key figure in advancing internet technologies, is explored. The discussion highlights the critical importance and challenges of migrating to IPv6 and the necessity of…
-
New Hook Android Banking Malware Emerges with Advanced Features and 107 Remote Commands
Zimperium’s zLabs research team has identified a sophisticated new variant of the Hook Android banking trojan, marking a significant escalation in mobile threat sophistication. This iteration incorporates ransomware-style overlays that display extortion messages, demanding payments via dynamically fetched wallet addresses from the command-and-control (C2) server. Activated by the >>ransome
-
Google Introduces Enhanced Developer Verification for Play Store App Distribution
Google has announced that all Android apps installed on approved devices will soon need to be able to be traced back to a verified developer identity in an effort to combat the growing wave of financial fraud operations and mobile viruses. The policy, scheduled to roll out in select high-risk regions in 2025 before global…
-
Beware! Fake Google Play Store Sites Used to Spread Android Malware
Cybersecurity researchers have identified a resurgence of SpyNote malware campaigns targeting Android users through sophisticated fake Google Play Store websites. The malicious actor behind these attacks has implemented new anti-analysis techniques and expanded their deceptive tactics since previous reports, demonstrating a persistent threat to mobile device security. Deceptive Campaign Hits Popular Apps The threat actor…
-
0-Click Zendesk Flaw Lets Hackers Hijack Accounts and View All Tickets
A critical zero-click vulnerability in Zendesk’s Android SDK has been uncovered, enabling attackers to hijack support accounts and harvest every ticket without any user interaction. Discovered during a private bug bounty program, the flaw stems from weak token generation and storage mechanisms within Zendesk’s mobile application. Vulnerability Overview Zendesk’s Android client generates authentication tokens by…
-
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-working-on-fix-for-ongoing-outlook-email-issues/
-
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA). First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-working-on-fix-for-ongoing-outlook-email-issues/
-
»Wallet-Pflicht« Grund zur Sorge oder Chance?
Unternehmen aus verschiedenen Branchen müssen bis spätestens Ende 2027 eine Schnittstelle zu den European-Digital-Identity-Wallets (EUDI) der EU anbieten. Bringt das nur noch mehr Bürokratie aus Brüssel oder können Unternehmen davon sogar profitieren? Christian Gericke, Geschäftsführer der d.velop mobile services und Vorstand des AK Vertrauensdienstes im Branchenverband Bitkom, analysiert das Business-Potenzial der digitalen Brieftaschen. Basierend auf……
-
10 Best Endpoint Detection And Response (EDR) Companies in 2025
In 2025, the endpoint remains the primary battleground for cyber attackers, making the implementation of EDR solutions a critical necessity for robust cybersecurity defenses. Laptops, desktops, servers, mobile devices, and cloud workloads are critical entry points and data repositories, making them prime targets for sophisticated cyber threats. While traditional antivirus (AV) software offers a baseline…
-
Scraping At Carrier Scale: Why Mobile IPs Outperform Datacenter IPs
Tags: mobileLearn why mobile IPs outperform datacenter IPs for large-scale scraping, reducing bans and boosting success with natural traffic patterns. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/08/scraping-at-carrier-scale-why-mobile-ips-outperform-datacenter-ips/
-
Cybersecurity Snapshot: Industrial Systems in Crosshairs of Russian Hackers, FBI Warns, as MITRE Updates List of Top Hardware Weaknesses
Tags: access, ai, attack, automation, cisa, cisco, cloud, conference, control, credentials, cve, cyber, cybersecurity, data, data-breach, deep-fake, detection, docker, espionage, exploit, flaw, framework, fraud, google, government, group, guide, hacker, hacking, Hardware, identity, infrastructure, intelligence, Internet, iot, LLM, microsoft, mitigation, mitre, mobile, network, nist, risk, russia, scam, service, side-channel, software, strategy, switch, technology, threat, tool, update, vulnerability, vulnerability-management, windowsCheck out the FBI’s alert on Russia-backed hackers infiltrating critical infrastructure networks via an old Cisco bug. Plus, MITRE dropped a revamped list of the most important critical security flaws. Meanwhile, NIST rolled out a battle plan against face-morphing deepfakes. And get the latest on the CIS Benchmarks and on vulnerability prioritization strategies! Here are…
-
Featured Chrome extension FreeVPN.One caught capturing and transmitting user data
Tags: access, api, browser, ceo, chrome, corporate, credentials, data, data-breach, endpoint, finance, governance, healthcare, india, malicious, mobile, monitoring, privacy, risk, technology, threat, tool, vpn, vulnerability, vulnerability-managementUnmanaged extensions expose enterprises: Such incidents highlight how unmanaged browser extensions can act as covert data exfiltration channels, exposing sensitive corporate information. Enterprises usually deploy licensed, corporate-grade VPNs that are safe and accompanied by monitoring and access controls. But employees often install free VPN extensions for personal use.”This poses as a major threat to industries…
-
Wallet-Pflicht Grund zur Sorge oder Chance?
Unternehmen aus verschiedenen Branchen müssen bis spätestens Ende 2027 eine Schnittstelle zu den European-Digital-Identity (EUDI)-Wallets der EU anbieten. Bringt das nur noch mehr Bürokratie aus Brüssel oder können Unternehmen davon sogar profitieren? Christian Gericke, Geschäftsführer der d.velop mobile services und Vorstand des AK Vertrauensdienstes im Branchenverband Bitkom, analysiert das Business-Potenzial der digitalen Brieftaschen. Basierend auf…
-
New zero-day startup offers $20 million for tools that can hack any smartphone
Prices for hacking tools that allow governments to break into mobile phones keep going up, thanks to efforts by tech firms shoring up their cybersecurity. First seen on techcrunch.com Jump to article: techcrunch.com/2025/08/20/new-zero-day-startup-offers-20-million-for-tools-that-can-hack-any-smartphone/
-
Mobile Phishers Target Brokerage Customers in ‘Ramp and Dump’ Cashout Scheme
Cybercriminal groups specializing in advanced mobile phishing kits have evolved their operations beyond stealing payment card data for mobile wallet enrollment, now pivoting to exploit brokerage accounts in sophisticated ‘ramp and dump’ schemes. This shift, as detailed in recent research by security experts, leverages compromised user credentials to manipulate foreign stock prices, circumventing traditional security…
-
New Ghost-Tapping Attacks Target Apple Pay and Google Pay Users’ Linked Cards
Chinese-speaking cybercriminals are using ghost-tapping techniques to take advantage of Near Field Communication (NFC) relay tactics in a sophisticated evolution of payment card fraud. They are mainly targeting mobile payment services such as Apple Pay and Google Pay. This attack vector involves relaying stolen payment card credentials from compromised devices to mules’ burner phones, enabling…
-
Android’s pKVM hypervisor earns SESIP Level 5 security certification
Google announced that its protected Kernel-based Virtual Machine (pKVM) for Android has achieved SESIP Level 5 certification, the highest security assurance level for IoT and mobile platforms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/androids-pkvm-hypervisor-earns-sesip-level-5-security-certification/
-
Portable, Encrypted Storage That Keeps Your Work Protected
Tags: mobileLightweight, fingerprint-secured SSD with 450″¯MB/s speeds and ProRes support for mobile and remote workflows. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/iklips-ssd/
-
How to detect Open Bullet 2 bots running in Puppeteer mode
Open Bullet 2 is an open-source tool built for credential stuffing attacks, automated attempts to gain access to user accounts using stolen credentials from data breaches. It supports both website and mobile application targets and has become a staple in the fraud ecosystem due to its flexibility, extensibility, and active First seen on securityboulevard.com Jump…
-
What the Matter 1.4.2 update means for smart home security
Matter is built on the idea that smart home devices should be secure, reliable, and easy to use. It is based on Internet Protocol (IP), which allows devices, mobile apps, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/11/matter-1-4-2-smart-home-security/