Tag: mobile
-
Sunken Ships: Will Orgs Learn From Ivanti EPMM Attacks?
The April/May zero-day exploitations of Ivanti’s mobile device management platform meant unprecedented pwning of thousands of orgs by a Chinese APT, and history will probably repeat itself. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/sunken-ships-ivanti-epmm-attacks
-
Microsoft Copilot is rolling out GPT 5.2 as “Smart Plus” mode
Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it’ll coexist with the GPT 5.1 model. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-copilot-is-rolling-out-gpt-52-as-smart-plus-mode/
-
Microsoft Copilot is rolling out GPT 5.2 as “Smart Plus” mode
Microsoft is rolling out GPT 5.2 to Copilot on the web, Windows, and mobile as a free upgrade, and it’ll coexist with the GPT 5.1 model. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-copilot-is-rolling-out-gpt-52-as-smart-plus-mode/
-
Tipps für CISOs, die die Branche wechseln wollen
Tipps für CISOs mit “Vertical-Switch-Ambitionen”.In der Außenperspektive sollte es für Menschen, die es zum Chief Information Security Officer gebracht haben, eigentlich kein Problem sein, die Branche zu wechseln. In der Realität stellen viele Sicherheitsentscheider allerdings regelmäßig fest, dass das Gegenteil der Fall ist: Wenn man einmal in einer bestimmten Branche tätig ist, gestaltet es sich…
-
Why Mobile-First SaaS Needs Passwordless Authentication for Field Teams
Learn why passwordless authentication is essential for mobile-first SaaS used by field teams to improve security, speed, and productivity. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/why-mobile-first-saas-needs-passwordless-authentication-for-field-teams/
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Italy fines Apple $116 million over App Store privacy policy issues
Italy’s competition authority (AGCM) has fined Apple Euro98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/italy-fines-apple-116-million-over-app-store-tracking-privacy-practices/
-
Best API Vulnerability Scanner in 2026
APIs (Application Programming Interfaces) have become the digital backbone of modern enterprises, seamlessly linking mobile applications, cloud platforms, and partner ecosystems. As their adoption rapidly progresses, APIs have also emerged as one of the most attractive entry points for hackers, thus signifying the importance of an API Vulnerability Scanner. By 2026, API security will have……
-
DDoS incident disrupts France’s postal and banking services ahead of Christmas
France’s La Poste confirmed that a distributed denial-of-service (DDoS) attack was the source of problems with its websites and mobile applications. First seen on therecord.media Jump to article: therecord.media/la-poste-france-ddos-disruption-days-before-christmas
-
South Korea to require facial recognition for new mobile numbers
South Korea will begin requiring facial recognition when signing up for a new mobile phone number in a bid to fight scams, the Ministry of Science and ICT announced. First seen on therecord.media Jump to article: therecord.media/south-korea-facial-recognition-phones
-
Android Malware Operations Merge Droppers, SMS Theft, and RAT Capabilities at Scale
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan.”Previously, users received ‘pure’ Trojan APKs that acted as malware immediately upon installation,” Group-IB said in an analysis published last week. “Now, adversaries increasingly deploy First seen on…
-
WhatsApp accounts targeted in ‘GhostPairing’ attack
Defending WhatsApp: Users can check which devices are paired via WhatsApp via Settings > Linked Devices. A rogue device link will appear here. Despite having access to a user’s WhatsApp account, the attacker can’t revoke their device access, which must be initiated by the primary device. Another tip is to enable two-step PIN verification. This…
-
WhatsApp accounts targeted in ‘GhostPairing’ attack
Defending WhatsApp: Users can check which devices are paired via WhatsApp via Settings > Linked Devices. A rogue device link will appear here. Despite having access to a user’s WhatsApp account, the attacker can’t revoke their device access, which must be initiated by the primary device. Another tip is to enable two-step PIN verification. This…
-
Kimsuky Spreads DocSwap Android Malware via QR Phishing Posing as Delivery App
The North Korean threat actor known as Kimsuky has been linked to a new campaign that distributes a new variant of Android malware called DocSwap via QR codes hosted on phishing sites mimicking Seoul-based logistics firm CJ Logistics (formerly CJ Korea Express).”The threat actor leveraged QR codes and notification pop-ups to lure victims into installing…
-
CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited
Tags: access, advisory, attack, authentication, control, cve, cyber, data, exploit, firewall, flaw, injection, international, mobile, ransomware, sql, vulnerability, zero-dayA zero-day vulnerability in SonicWall’s Secure Mobile Access (SMA) 1000 was reportedly exploited in the wild in a chained attack with CVE-2025-23006. Key takeaways: CVE-2025-40602 is a local privilege escalation vulnerability in the appliance management console (AMC) of the SonicWall SMA 1000 appliance. CVE-2025-40602 has been exploited in a chained attack with CVE-2025-23006, a deserialization…
-
Exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Kimsuky Hackers Use Weaponized QR Codes to Distribute Malicious Mobile Apps
Threat researchers have uncovered a sophisticated mobile malware campaign attributed to North Korea-linked threat actor Kimsuky, leveraging weaponized QR codes and fraudulent delivery service impersonations to trick users into installing remote access trojans on their smartphones. The ENKI WhiteHat Threat Research Team identified the latest iteration of >>DOCSWAP
-
Microsoft to Block Exchange Online Access from Outdated Devices
Microsoft has announced a significant update to its device connectivity policies for Exchange Online, aimed at enhancing security and ensuring users are on modern protocols. Starting March 1, 2026, mobile devices running Exchange ActiveSync (EAS) versions older than 16.1 will no longer be able to connect to Exchange Online mailboxes. Exchange ActiveSync version 16.1 was originally…
-
SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild.The vulnerability, tracked as CVE-2025-40602 (CVSS score: 6.6), concerns a case of local privilege escalation that arises as a result of insufficient authorization in the appliance management console…
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Actively exploited SonicWall zero-day patched (CVE-2025-40602)
SonicWall has patched a local privilege escalation vulnerability (CVE-2025-40602) affecting its Secure Mobile Access (SMA) 1000 appliances and is urging customers to apply the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/sonicwall-cve-2025-40602/
-
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated tool that allows attackers to inject malicious code into legitimate Google Play Store applications seamlessly. The malware address a significant escalation in Android-targeted threats, combining complete device control, real-time surveillance, and…
-
Cellik Android Malware Uses One-Click APK Builder to Hide in Play Store Apps
A newly discovered Android Remote Access Trojan (RAT) called Cellik is democratizing sophisticated mobile surveillance attacks by bundling advanced spyware capabilities with an automated tool that allows attackers to inject malicious code into legitimate Google Play Store applications seamlessly. The malware address a significant escalation in Android-targeted threats, combining complete device control, real-time surveillance, and…