Tag: mobile
-
WatchGuard VPN Client Flaw on Windows Enables SYSTEM”‘Level Command Execution
WatchGuard has released a critical security update for its Mobile VPN with IPSec client for Windows to address a privilege escalation vulnerability. The flaw, originating in the underlying software provided by NCP engineering, allows local attackers to execute arbitrary commands with the highest available privileges on a compromised machine. The vulnerability is tracked as NCPVE-2025-0626 (WatchGuard Advisory…
-
IoT Penetration Testing: Definition, Process, Tools, and Benefits
IoT penetration testing is a security assessment of the complete IoT ecosystem, from backend systems and cloud services to mobile devices and hardware. It involves a multi-stage simulated attack on IoT devices and their supporting system to identify security risks before attackers can exploit them. Unpatched firmware is responsible for 60% of IoT security breaches,……
-
Ivanti patches two actively exploited critical vulnerabilities in EPMM
install rpm url [patch_url] command.The RPM_12.x.0.x patch is applicable to EPMM software versions 12.5.0.x, 12.6.0.x, and 12.7.0.x. It is also compatible with the older 12.3.0.x and 12.4.0.x versions. Meanwhile the RPM_12.x.1.x patch is applicable to versions 12.5.1.0 and 12.6.1.0.”The RPM script does not survive a version upgrade,” the company warns. “If after applying the RPM…
-
Ivanti Fixes Actively Exploited RCE Flaws in Endpoint Manager Mobile
Ivanti patched actively exploited EPMM flaws that enable unauthenticated remote code execution. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/ivanti-fixes-actively-exploited-rce-flaws-in-endpoint-manager-mobile/
-
‘Critical’ Mobile Management Vulnerabilities Seeing Exploitation
A pair of critical-severity vulnerabilities affecting an Ivanti mobile management tool have been exploited in cyberattacks, according to the company. First seen on crn.com Jump to article: www.crn.com/news/security/2026/ivanti-critical-mobile-management-vulnerabilities-seeing-exploitation
-
Ivanti Endpoint Manager Vulnerability Allows Remote Code Execution,
Ivanti has disclosed two critical vulnerabilities affecting Endpoint Manager Mobile (EPMM) that could allow attackers to achieve unauthenticated remote code execution. The flaws, tracked as CVE-2026-1281 and CVE-2026-1340, both stem from code injection issues and carry a maximum CVSS severity score of 9.8, indicating critical risk to affected deployments. Vulnerability Overview Both vulnerabilities enable attackers…
-
Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Tags: attack, cve, cybersecurity, endpoint, exploit, flaw, infrastructure, ivanti, kev, mobile, rce, remote-code-execution, update, vulnerability, zero-dayIvanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog.The critical-severity vulnerabilities are listed below -CVE-2026-1281 (CVSS score: First…
-
Ivanti provides temporary patches for actively exploited EPMM zero-day (CVE-2026-1281)
Ivanti has released provisional patches that fix two critical code injection vulnerabilities in Endpoint Manager Mobile (EPMM), one of which (CVE-2026-1281) has been exploited … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/30/ivanti-epmm-cve-2026-1281-cve-2026-1340/
-
Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/
-
Google targets IPIDEA in crackdown on global residential proxy networks
Google disrupted IPIDEA, a major residential proxy network that enrolled users’ devices via SDKs embedded in mobile and desktop apps. Google and partners disrupted the IPIDEA residential proxy network, used by many threat actors, via legal domain takedowns, intelligence sharing on malicious SDKs, and ecosystem-wide enforcement. Google Play Protect now removes and blocks apps with…
-
Here’s the Company That Sold DHS ICE’s Notorious Face Recognition App
Tags: mobileImmigration agents have used Mobile Fortify to scan the faces of countless people in the US”, including many citizens. First seen on wired.com Jump to article: www.wired.com/story/mobile-fortify-face-recognition-nec-ice-cbp/
-
Stop Staring at JSON: How GenAI is Solving the API >>Context Crisis<<
Tags: ai, api, attack, authentication, banking, business, credentials, credit-card, data, endpoint, governance, mobile, organized, risk, soc, threat, toolThere is a moment that happens in every SOC (Security Operations Center) every day. An alert fires. An analyst looks at a dashboard and sees a UR: POST /vs/payments/proc/77a. And then they stop. They stare. And they ask the question that kills productivity: “What does this thing actually do?” Is it a critical payment gateway?…
-
Instagram Investigates Reported Vulnerability Allowing Access to Private Content
A server-side vulnerability in Instagram that allegedly allowed completely unauthenticated access to private account posts. This raises concerns about Meta’s vulnerability disclosure handling and the effectiveness of compensatory controls protecting user privacy. Technical Overview According to the disclosure, the vulnerability existed in Instagram’s mobile web interface and required no authentication or follower relationship to exploit.…
-
CISO’s predictions for 2026
Tags: access, ai, attack, authentication, automation, breach, business, ciso, cloud, control, credentials, cryptography, cyber, cyberattack, cybersecurity, data, data-breach, encryption, endpoint, extortion, finance, governance, government, healthcare, identity, infrastructure, malicious, mobile, mssp, network, password, penetration-testing, ransomware, risk, router, saas, soc, strategy, supply-chain, technology, threat, tool, vulnerability, warfareAI agents to reshape the threat landscape: But those same AI technologies are also changing the threat landscape. Toal points to a recent Anthropic report that documented the first large-scale AI-enabled cyberattack as an early warning sign. “I guarantee attackers will be more focused on using AI agents for what they want than a lot…
-
Outlook for iOS crashes, freezes due to coding error
Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-ios-crashes-freezes-due-to-coding-error/
-
Keeper Introduces Instant Account Switching and Passkey Improvements
Keeper Security has announced instant account switching and passkey enhancements across its mobile applications and browser extension. This update is said to be available across all major web browsers including iOS, Android and the Keeper Browser Extension. The instant account switching enables users to securely toggle between multiple Keeper accounts on the same device or…
-
Wie gut sind Handwerksbetriebe auf Cybervorfälle vorbereitet?
Cybersicherheit ist für viele Handwerksbetriebe heute Teil der täglichen Arbeit. Digitale Systeme, vernetzte Anwendungen und mobile Arbeitsweisen prägen Abläufe in Werkstätten, auf Baustellen und in der Verwaltung. Sophos ist im Rahmen einer Umfrage unter Handwerks- und handwerksnahen Betrieben der Frage nachgegangen, wie die Cybersicherheit organisiert ist und wie Betriebe ihre eigene Vorbereitung einschätzen. Cybersicherheit…
-
Greek police arrest scammers using fake cell tower hidden in car trunk
A vehicle search uncovered a mobile computing system hidden in the trunk and connected to a roof-mounted transmitter disguised as a shark-fin antenna. First seen on therecord.media Jump to article: therecord.media/greek-police-arrest-scammers-using-hidden-cell-towers
-
Microsoft Intune changes to start biting unprepared admins
Mobile application management updates mean apps could soon be blocked First seen on theregister.com Jump to article: www.theregister.com/2026/01/19/microsoft_intune_deadline/
-
Secure web browsers for the enterprise compared: How to pick the right one
Tags: access, ai, android, api, attack, browser, business, chrome, cloud, computer, control, corporate, data, encryption, endpoint, fortinet, gartner, google, guide, identity, linux, login, malicious, malware, mfa, mobile, monitoring, network, okta, phishing, saas, service, siem, software, technology, threat, tool, training, vpn, windows, zero-trustEnable MFA at the beginning of any browser session by default.Handle isolation controls both with respect to the user’s session and to isolate any application from cross-infection. This means controlling the movement of data between the browser, your particular endpoint and the web application or applications involved.Control access to web destinations, either to allow or…
-
SAML vs OIDC: Choosing the Right Protocol for Modern Single Sign-On
Tags: mobileComparing SAML and OIDC for enterprise SSO. Learn which protocol works best for web, mobile, and CIAM solutions in this deep dive for CTOs. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/saml-vs-oidc-choosing-the-right-protocol-for-modern-single-sign-on/
-
How Attackers Target Financial Applications and VAPT Stops Them?
Financial applications, ranging from mobile banking apps to payment gateways, are among the most targeted systems worldwide. In 2025 alone, the Indusface State of Application Security Report revealed that banks and financial institutions endured 1.2 billion attacks, with each financial app experiencing double the attack frequency compared to other industries. This surge highlights the urgent……
-
How Attackers Target Financial Applications and VAPT Stops Them?
Financial applications, ranging from mobile banking apps to payment gateways, are among the most targeted systems worldwide. In 2025 alone, the Indusface State of Application Security Report revealed that banks and financial institutions endured 1.2 billion attacks, with each financial app experiencing double the attack frequency compared to other industries. This surge highlights the urgent……
-
Google plans to make Chrome for Android an agentic browser with Gemini
Google appears to be testing a new feature that integrates Gemini into Chrome for Android, allowing you to use agentic browser capabilities on your mobile device. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/google-plans-to-make-chrome-for-android-an-agentic-browser-with-gemini/
-
Verizon Outage Felt Across United States
Cause Unknown But Many Previous Outages Due to Software Misconfiguration. Verizon customers along the Eastern Seaboard and Southern parts of the United States lost mobile phone connectivity Wednesday in an incident that appears to have peaked around 1 p.m. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/verizon-outage-felt-across-united-states-a-30524
-
Verizon Outage Knocks Out US Mobile Service, Including Some 911 Calls
A major Verizon outage appeared to impact customers across the United States starting around noon ET on Wednesday. Calls to Verizon customers from other carriers may also be impacted. First seen on wired.com Jump to article: www.wired.com/story/verizon-outage-knocks-out-us-mobile-service-including-some-911-calls/
-
France fines Free Mobile Euro42 million over 2024 data breach incident
The French data protection authority (CNIL) has imposed cumulative fines of Euro42 million on Free Mobile and its parent company, Free, for inadequate protection of customer data against cyber threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/france-fines-free-mobile-42-million-over-2024-data-breach-incident/
-
Ugandan officials turn off internet on eve of national elections
The Uganda Communication Commission (UCC) started turning off internet and mobile phone services on Tuesday, according to Amnesty International. First seen on therecord.media Jump to article: therecord.media/uganda-internet-shutdown-elections