Tag: phone
-
Product showcase: NetGuard open-source firewall for Android
NetGuard is a free, open-source firewall for Android phones and tablets that provides users with a simple way to block internet access. Android does not allow VPN services to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/08/product-showcase-netguard-open-source-firewall-android/
-
CloudZ RAT Abuses Windows Phone Link to Steal OTPs
Cisco Talos discovered the CloudZ RAT exploiting Microsoft Phone Link to intercept SMS-based OTPs from Windows endpoints. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/cloudz-rat-abuses-windows-phone-link-to-steal-otps/
-
Fake Call History Apps on Google Play Steal Payments, Hit 7.3M+ Downloads
28 fake “call history” utilities on Google Play, collectively installed more than 7.3 million times, have been exposed as subscription scams that generate fabricated logs instead of real phone records, with several also bypassing Google’s official billing system to make refunds harder for victims. The CallPhantom apps advertise an impossible service: detailed call histories, SMS…
-
Scammers Exploit Disposable VoIP Numbers to Bypass Reputation Blocking
New tactics used by threat actors who embed phone numbers in scam emails as a key indicator of compromise (IOC), revealing how attackers exploit VoIP infrastructure to evade detection and scale fraud operations. Telephone-oriented attack delivery (TOAD) remains a dominant phishing technique, in which victims are lured to call attacker-controlled numbers rather than clicking malicious…
-
CallPhantom Android scam reached 7.3 million downloads on Google Play
Scams targeting Android users in India and across the Asia-Pacific region have grown around a long-standing curiosity gap: the desire to look up call records tied to a phone … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/07/callphantom-android-scam-google-play/
-
Police wrongly identified solicitor Fahad Ansari as Hamas member during Schedule 7 phone seizure
Tags: phoneA police officer wrongly described a solicitor acting for Hamas in an appeal against its proscribed status in the UK as a Hamas member during Schedule 7 phone seizure First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366642804/Police-wrongly-identified-solicitor-Fahad-Ansari-as-Hamas-member-during-Schedule-7-phone-seizure
-
Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA
In hard-to-detect attacks, hackers are dropping the CloudZ RAT and a fresh plugin, Pheno, to hijack the Windows-based bridge between PCs and smartphones. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/attacks-abuse-windows-phone-link-texts-bypass-2fa
-
CloudZ Malware Abuses Phone Link to Steal SMS OTPs
Cisco Talos uncovers CloudZ RAT and Pheno plugin abusing Microsoft Phone Link to intercept SMS OTPs First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cloudz-rat-pheno-phone-link-otp/
-
CloudZ RAT Exploits Microsoft Phone Link to Steal SMS OTPs
CloudZ is a new modular remote access trojan that abuses Microsoft’s built”‘in Phone Link feature to steal SMS one”‘time passwords (OTPs) and other mobile notifications directly from Windows PCs, without infecting the phone itself. Microsoft Phone Link (formerly “Your Phone”) is integrated into Windows 10 and 11 to mirror smartphone SMS messages, application notifications, call…
-
Insights into the clustering and reuse of phone numbers in scam emails
Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/insights-into-the-clustering-and-reuse-of-phone-numbers-in-scam-emails/
-
Windows Phone Link Exploited by CloudZ RAT to Steal Credentials and OTPs
Cybersecurity researchers have disclosed details of an intrusion that involved the use of a CloudZ remote access tool (RAT) and a previous undocumented plugin dubbed Pheno with the aim of facilitating credential theft.”According to the functionalities of the CloudZ RAT and Pheno plugin, this was with the intention of stealing victims’ credentials and potentially one-time…
-
Google expands Android Binary Transparency to counter supply chain attacks
Supply chain attacks on mobile software have grown alongside the expanding role of phones in daily life, from payments to government IDs to AI features. Google is responding … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/06/google-android-binary-transparency/
-
Stealthy malware abuses Microsoft Phone Link to siphon SMS OTPs from enterprise PCs
Multi-stage infection chain: The intrusion begins with an unknown initial access vector, followed by the execution of a malicious file disguised as a ScreenConnect update, Talos said.The initial payload is a Rust-compiled loader using filenames such as “systemupdates.exe,” which drops a .NET loader disguised as a text file in a system directory, the post said.Persistence…
-
CloudZ malware abuses Microsoft Phone Link to steal SMS and OTPs
A new version of the CloudZ remote access tool (RAT) is deploying a previously unseen malicious plugin called Pheno that hijacks the Microsoft Phone Link connection to steal sensitive codes from mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloudz-malware-abuses-microsoft-phone-link-to-steal-sms-and-otps/
-
The fake IT worker problem CISOs can’t ignore
Tags: access, ai, breach, business, captcha, cio, ciso, compliance, computer, control, credentials, crowdstrike, data, detection, edr, endpoint, fedramp, fraud, gartner, iam, identity, jobs, linkedin, mitigation, monitoring, network, north-korea, office, phone, risk, skills, tool, training, zero-trustWhat to do if you suspect a fake IT worker: When a CIO suspects a fake IT worker, next steps are important as the issue shifts from recruitment to insider risk management.During his time at MongoDB, George Gerchow, IANS faculty advisor and Bedrock Data CSO, oversaw the investigation after the company detected it had unknowingly…
-
Your work apps are quietly handing 19 data points to someone
Office work in 2026 runs through a stack of mobile apps that sit on the same phones people use for banking, messaging family, and tracking their location. Ten of the most … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/04/workplace-apps-data-collection-privacy/
-
Where to buy a non-Apple, non-Google smartphone
Both Cupertino and Google are imposing ever stricter limits on their phones but you have alternatives First seen on theregister.com Jump to article: www.theregister.com/2026/05/01/buy_a_foss_fondleslab/
-
Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones
Samsung’s One UI 8.5 update may bring stronger Galaxy security controls as users report battery drain and overheating after recent patches. The post Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-samsung-one-ui-8-5-galaxy-security-battery-drain/
-
Fake CAPTCHA Scam Uses SMS Pumping to Inflate Phone Bills
A newly uncovered cyber fraud campaign is abusing fake CAPTCHA pages to trick mobile users into sending large volumes of international SMS messages, resulting in unexpected phone bills and illicit profits for attackers. Unlike traditional malware campaigns, this operation does not require installing malicious software. Instead, it exploits telecom billing systems and affiliate revenue models…
-
90,000 Screenshots of One Celebrity’s Phone Were Exposed Online
Spyware appears to have captured everything from intimate photos to private messages from the smartphone of European celebrity. They were publicly accessible until a researcher flagged the exposure. First seen on wired.com Jump to article: www.wired.com/story/exposed-data-illustrates-the-nightmare-scenario-for-a-stalkerware-victim/
-
Large-scale Roblox hacking operation shut down by Ukrainian authorities
Ukrainian police arrested three hackers who hijacked 610,000 Roblox accounts and sold them for $225,000 in profit. Police in Ukraine arrested three suspects accused of hacking over 610,000 Roblox accounts and selling them for about $225,000. Officers carried out multiple searches in Lviv, seizing cash, phones, computers, laptops, tablets, and USB drives. The operation disrupted…
-
Scam-checking just got a lot easier: Malwarebytes is now in Claude
We’re in Claude! Now everyone can use our threat intel to check suspicious links, phone numbers, or email addresses. We’re committed to helping you spot scams. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/scam-checking-just-got-a-lot-easier-malwarebytes-is-now-in-claude/
-
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/godaddy_megagaffe_wrongly_transferred_27yearold/
-
GoDaddy customer claims registrar transferred 27-year-old domain without any security checks
32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected First seen on theregister.com Jump to article: www.theregister.com/2026/04/29/godaddy_megagaffe_wrongly_transferred_27yearold/
-
ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs
ADT confirmed a data breach exposing customer names, addresses, phone numbers, and partial SSNs, with millions of records reportedly affected. The post ADT Confirms Major Data Breach Exposing Millions of Names, Partial SSNs appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-adt-data-breach-millions-customer-records/
-
Fake CAPTCHA scam turns a quick click into a costly phone bill
Scammers are using fake CAPTCHA pages to rack up international SMS charges on victims’ phone bills, and then take a cut. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/fake-captcha-scam-turns-a-quick-click-into-a-costly-phone-bill/
-
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
-
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
-
Have I Been Pwned claims Pitney Bowes hit by 8.2M email address leak
Names, phone numbers, physical addresses also included in Shiny Hunters alleged data dump First seen on theregister.com Jump to article: www.theregister.com/2026/04/28/pitney_bowes_is_the_latest/
-
Fake CAPTCHA IRSF Scam and 120 Keitaro Campaigns Drive Global SMS, Crypto Fraud
Cybersecurity researchers have disclosed details of a telecommunications fraud campaign that uses fake CAPTCHA verification tricks to dupe unsuspecting users into sending international text messages that incur charges on their mobile bills, generating illicit revenue for the threat actors who lease the phone numbers.According to a new report published by Infoblox, the operation is believed…