Tag: mobile

A Single Bug in Mobile Apps Can Cost You Millions! Protect with Secure Code Review!

Nov 15, 2025 8:49 PM

Tags: access, banking, exploit, flaw, mobile

A leading banking app was forced into a three-day shutdown after attackers exploited a small coding oversight that granted access to customer accounts. The flaw had quietly existed in the codebase for months, completely slipping past the development team. What made the incident even more frustrating was that a simple peer review could have identified……
How shadow IT leaves every industry in the dark

Nov 15, 2025 12:49 AM

Tags: access, ai, breach, cloud, compliance, computer, control, data, data-breach, fintech, group, healthcare, infrastructure, insurance, Internet, mobile, network, privacy, regulation, risk, saas, service, technology, tool, unauthorized, vulnerability

Industry Examples of Shadow IT and Shadow AI Healthcare Consumer messaging, unapproved storage of medical imaging files, certificate challenges due to specialized portals for specific healthcare groups, department-run electronic health record (EHR) environments, unapproved telehealth platforms, AI for note summarization Insurance Custom applications for new insurance policy introductions, certificate challenges, maintenance issues, unsanctioned SaaS for…
How shadow IT leaves every industry in the dark

Nov 15, 2025 12:49 AM

Tags: access, ai, breach, cloud, compliance, computer, control, data, data-breach, fintech, group, healthcare, infrastructure, insurance, Internet, mobile, network, privacy, regulation, risk, saas, service, technology, tool, unauthorized, vulnerability

Industry Examples of Shadow IT and Shadow AI Healthcare Consumer messaging, unapproved storage of medical imaging files, certificate challenges due to specialized portals for specific healthcare groups, department-run electronic health record (EHR) environments, unapproved telehealth platforms, AI for note summarization Insurance Custom applications for new insurance policy introductions, certificate challenges, maintenance issues, unsanctioned SaaS for…
Protecting mobile privacy in real time with predictive adversarial defense

Nov 14, 2025 7:49 AM

Tags: data, defense, mobile, privacy

Mobile sensors are everywhere, quietly recording how users move, tilt, or hold their phones. The same data that powers step counters and activity trackers can also expose … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/14/research-real-time-mobile-privacy-protection/
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework

Nov 13, 2025 5:49 PM

Tags: access, android, attack, browser, chrome, computer, conference, data-breach, exploit, framework, google, Internet, mobile, network, side-channel, threat

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
NDSS 2025 Power-Related Side-Channel Attacks Using The Android Sensor Framework

Nov 13, 2025 5:49 PM

Tags: access, android, attack, browser, chrome, computer, conference, data-breach, exploit, framework, google, Internet, mobile, network, side-channel, threat

SESSION Session 2D: Android Security 1 Authors, Creators & Presenters: Mathias Oberhuber (Graz University of Technology), Martin Unterguggenberger (Graz University of Technology), Lukas Maar (Graz University of Technology), Andreas Kogler (Graz University of Technology), Stefan Mangard (Graz University of Technology) PAPER Power-Related Side-Channel Attacks using the Android Sensor Framework Software-based power side-channel attacks are a…
Building checksec without boundaries with Checksec Anywhere

Nov 13, 2025 3:49 PM

Tags: access, android, apple, attack, control, data, exploit, firmware, infrastructure, mitigation, mobile, open-source, privacy, rust, software, threat, tool

Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit mitigations (e.g., ASLR, DEP, stack canaries, etc.) are enabled, rapidly gauging a program’s defensive hardening. This success inspired numerous spinoffs:…
Russia imposes 24-hour mobile internet blackout for travelers returning home

Nov 12, 2025 8:49 PM

Tags: Internet, mobile, russia, ukraine

Concerns about domestic SIM card use in Ukrainian drones have led the Kremlin to impose a mobile internet “cooling-off period” for anyone returning home to Russia from abroad. First seen on therecord.media Jump to article: therecord.media/russia-24-hour-traveler-mobile-internet-blackouts-ukraine-drones
Russia imposes 24-hour mobile internet blackout for travelers returning home

Nov 12, 2025 8:49 PM

Tags: Internet, mobile, russia, ukraine

Concerns about domestic SIM card use in Ukrainian drones have led the Kremlin to impose a mobile internet “cooling-off period” for anyone returning home to Russia from abroad. First seen on therecord.media Jump to article: therecord.media/russia-24-hour-traveler-mobile-internet-blackouts-ukraine-drones
Data broker Kochava agrees to change business practices to settle lawsuit

Nov 12, 2025 6:49 PM

Tags: business, data, mobile

Mobile device users who sued the data broker Kochava are asking for final approval of a deal to force the company to no longer share or sell data revealing sensitive locations. First seen on therecord.media Jump to article: therecord.media/data-broker-kochava-business-change
Data broker Kochava agrees to change business practices to settle lawsuit

Nov 12, 2025 6:49 PM

Tags: business, data, mobile

Mobile device users who sued the data broker Kochava are asking for final approval of a deal to force the company to no longer share or sell data revealing sensitive locations. First seen on therecord.media Jump to article: therecord.media/data-broker-kochava-business-change
The Limitations of Google Play Integrity API (ex SafetyNet)

Nov 11, 2025 11:20 PM

Tags: api, google, mobile
The Limitations of Google Play Integrity API (ex SafetyNet)

Nov 11, 2025 11:20 PM

Tags: api, google, mobile
Patch Samsung flaw exploited to deliver spyware (CVE-2025-21042)

Nov 11, 2025 5:20 PM

Tags: cisa, cve, exploit, flaw, kev, mobile, spyware, update, vulnerability

CISA has added CVE-2025-21042, a vulnerability affecting Samsung mobile devices, to its Known Exploited Vulnerabilities (KEV) catalog, and has ordered US federal civilian … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/11/samsung-spyware-cve-2025-21042/
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Nov 11, 2025 11:20 AM

Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, mobile, vulnerability, zero-day

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks

Nov 11, 2025 8:19 AM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
CISA Issues Alert on Samsung 0-Day RCE Flaw Actively Exploited in Attacks

Nov 11, 2025 8:19 AM

Tags: attack, cisa, cve, cyber, cybersecurity, exploit, flaw, infrastructure, kev, mobile, rce, remote-code-execution, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical remote code execution vulnerability affecting Samsung mobile devices to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. Tracked as CVE-2025-21042, this zero-day flaw resides in Samsung’s libimagecodec library. It could allow attackers to bypass security protections and execute arbitrary code…
LANDFALL: Advanced Commercial-Grade Spyware Targeting Samsung Devices

Nov 10, 2025 5:20 PM

Tags: cybersecurity, defense, mobile, spyware

The discovery of LANDFALL highlights the need for stronger mobile defenses and proactive cybersecurity against advanced spyware. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/landfall-advanced-commercial-grade-spyware-targeting-samsung-devices/
Bösartige Apps im Google-Play-Store infiltrieren IoT- und OT-Systeme

Nov 10, 2025 2:19 PM

Tags: google, iot, mobile, threat

Zscaler veröffentlicht seinen jüngsten und deckt moderne Methoden zur Kompromittierung von mobilen Endgeräten, IoT- und OT-Systemen auf. Zscaler identifizierte dafür hunderte bösartige Apps im Google-Play-Store, die über 40 Millionen Mal heruntergeladen wurden vor allem von Usern auf der Suche nach Produktivitäts- und Workflow-Anwendungen. Auf Grundlage der […] First seen on netzpalaver.de Jump to article: netzpalaver.de/2025/11/10/boesartige-apps-im-google-play-store-infiltrieren-iot-und-ot-systeme/
Bösartige Apps im Google-Play-Store infiltrieren IoT- und OT-Systeme

Nov 10, 2025 2:19 PM

Tags: google, iot, mobile, threat

Zscaler veröffentlicht seinen jüngsten und deckt moderne Methoden zur Kompromittierung von mobilen Endgeräten, IoT- und OT-Systemen auf. Zscaler identifizierte dafür hunderte bösartige Apps im Google-Play-Store, die über 40 Millionen Mal heruntergeladen wurden vor allem von Usern auf der Suche nach Produktivitäts- und Workflow-Anwendungen. Auf Grundlage der […] First seen on netzpalaver.de Jump to article: netzpalaver.de/2025/11/10/boesartige-apps-im-google-play-store-infiltrieren-iot-und-ot-systeme/
Zscaler veröffentlicht den ThreatLabz 2025 Mobile IoT and OT Threat Report

Nov 10, 2025 12:20 PM

Tags: cloud, iot, mobile, threat

Die Analyse von mobilen Transaktionen und Cyberbedrohungen erfolgte auf Basis von 20 Mio. Ereignissen in der Zscaler Cloud zwischen Juni 2024 und Mai 2025. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zscaler-veroeffentlicht-den-threatlabz-2025-mobile-iot-and-ot-threat-report/a42664/
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

Nov 8, 2025 7:19 AM

Tags: android, attack, cve, exploit, flaw, mobile, spyware, zero-day

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
Samsung Mobile Flaw Exploited as Zero-Day to Deploy LANDFALL Android Spyware

Nov 8, 2025 7:19 AM

Tags: android, attack, cve, exploit, flaw, mobile, spyware, zero-day

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cybersecurity Snapshot: AI Will Take Center Stage in Cyber in 2026, Google Says, as MITRE Revamps ATTCK Framework

Nov 7, 2025 8:20 PM

Tags: access, ai, android, antivirus, api, apple, attack, authentication, business, cio, cisa, ciso, cloud, communications, container, control, credentials, cryptography, cve, cyber, cybercrime, cybersecurity, data, defense, detection, docker, endpoint, exploit, firewall, flaw, framework, google, governance, group, guide, hacker, identity, infrastructure, injection, Internet, kubernetes, leak, least-privilege, linux, malicious, malware, mfa, microsoft, mitigation, mitre, mobile, network, offense, oracle, programming, resilience, risk, risk-management, service, skills, soc, social-engineering, software, sophos, spam, strategy, supply-chain, switch, tactics, technology, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Learn why Google expects AI to transform cyber defense and offense next year, and explore MITRE’s major update to the ATT&CK knowledge base. We also cover a new McKinsey playbook for agentic AI security, along with the latest on Microsoft Exchange protection and the CIS Benchmarks. Key takeaways Google is forecasting that AI will kick…
Cyberattacks surge against IoT, mobile devices in critical infrastructure

Nov 7, 2025 6:19 PM

Tags: cyberattack, infrastructure, iot, malware, mobile

Manufacturing and energy firms saw some of the biggest increases in malware activity targeting connected devices. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/mobile-iot-attacks-surge-critical-infrastructure-zscaler/805008/
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…