Tag: phone
-
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems.The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0.”A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to First…
-
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/13/zero-day-exploited-to-compromise-fortinet-fortivoice-systems-cve-2025-32756/
-
How Can Fintech Companies Balance Innovation with Customer Protection?
Picture a world where your phone isn’t just a device, but a gateway to a financial revolution. The fintech industry is rewriting the rules of…Read More First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2025/05/how-can-fintech-companies-balance-innovation-with-customer-protection/
-
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/
-
Mitel SIP Phone Flaws Allow Attackers to Inject Malicious Commands
A pair of vulnerabilities in Mitel’s 6800 Series, 6900 Series, and 6900w Series SIP Phones-including the 6970 Conference Unit-could enable attackers to execute arbitrary commands or upload malicious files to compromised devices, posing significant risks to enterprise communication systems. The flaws, disclosed in Mitel’s Product Security Advisory MISA-2025-0004, include a critical-severity command injection bug (CVE-2025-47188)…
-
The Subscription Society
In the quaint town of Everyville, USA, Sarah starts her day with a familiar routine. She wakes up in her rented apartment, checks her phone (leased through her mobile plan), and streams her favourite morning playlist on Spotify. As she sips her coffee, brewed from beans delivered monthly by a subscription service, Sarah reflects on……
-
ClickFunnels Investigates Breach After Hackers Leak Business Data
ClickFunnels is investigating a data breach after hackers leaked detailed business data, including emails, phone numbers, and company… First seen on hackread.com Jump to article: hackread.com/clickfunnels-investigate-breach-hackers-leak-business-data/
-
Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
The communications app TeleMessage, which was spotted on former US national security adviser Mike Waltz’s phone, has suspended “all services” as it investigates reports of at least one breach. First seen on wired.com Jump to article: www.wired.com/story/signal-clone-used-by-mike-waltz-pauses-service-after-reports-it-got-hacked/
-
Hackers Selling SS7 0-Day Exploit on Dark Web for $5,000
A newly discovered dark web listing claims to sell a critical SS7 protocol exploit for $5,000, raising alarms about global telecom security. The seller, operating under the alias >>GatewayPhantom,
-
Open source AI hiring bots favor men, leave women hanging by the phone
Easy fix: Telling LLMs to cosplay Lenin makes ’em more gender blind First seen on theregister.com Jump to article: www.theregister.com/2025/05/02/open_source_ai_models_gender_bias/
-
Phone theft is turning into a serious cybersecurity risk
Phone theft is a rising issue worldwide, and it’s more than just a property crime. It’s a serious cybersecurity threat. In the UK alone, the Metropolitan Police recovers 1,000 … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/02/phone-theft-cybersecurity-threat/
-
Thomas Herdman’s legal battle over Sky ECC encrypted phone distribution set to enter fifth year
Computer Weekly speaks to Julie Kawai Herdman, daughter of Thomas Herdman, the only person in custody for distributing Sky ECC encrypted phones First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366623396/Thomas-Herdmans-legal-battle-over-Sky-ECC-encrypted-phone-distribution-set-to-enter-fifth-year
-
GPUAF: Two Methods to Root Qualcomm-Based Android Phones
Security researchers have exposed critical vulnerabilities in Qualcomm GPU drivers, impacting a vast array of Android devices from brands like Samsung, Honor, Xiaomi, and Vivo. These exploits, centered around the GPU Address Fault (GPUAF) primitive, target the kgsl_mem_entry and Virtual Buffer Object (VBO) structures. By leveraging race conditions and memory management flaws, attackers can achieve…
-
‘Source of data’: are electric cars vulnerable to cyber spies and hackers?
British defence firms have reportedly warned staff not to connect their phones to Chinese-made EVsMobile phones and desktop computers are longstanding targets for cyber spies but how vulnerable are electric cars?On Monday the i newspaper claimed that British defence firms working for the UK government have warned staff against connecting or pairing their phones with…
-
Misconfiguration leaks Second Phone Number iOS app data
First seen on scworld.com Jump to article: www.scworld.com/brief/misconfiguration-leaks-second-phone-number-ios-app-data
-
NFC-Powered Android Malware Enables Instant Cash-Outs
Researchers at security vendor Cleafy detailed a malware known as SuperCard X that uses the NFC reader on a victim’s own phone to steal credit card funds instantly. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/nfc-android-malware-instant-cash-outs
-
Despite Recent Security Hardening, Entra ID Synchronization Feature Remains Open for Abuse
Microsoft synchronization capabilities for managing identities in hybrid environments are not without their risks. In this blog, Tenable Research explores how potential weaknesses in these synchronization options can be exploited. Synchronizing identity accounts between Microsoft Active Directory (AD) and Entra ID is important for user experience, as it seamlessly synchronizes user identities, credentials and groups…
-
10 key questions security leaders must ask at RSA 2025
Tags: access, ai, api, application-security, authentication, automation, business, cisa, ciso, cloud, conference, control, corporate, cve, cyber, cybersecurity, data, defense, detection, edr, endpoint, fido, finance, gartner, google, government, healthcare, infrastructure, microsoft, mitigation, mitre, monitoring, mssp, network, nist, passkey, password, phone, programming, resilience, risk, risk-management, service, software, strategy, switch, threat, tool, training, vulnerability, zero-trustIs agentic AI more myth than reality?: Building on 2024’s AI enthusiasm, this year will be all about agentic AI, defined as “a type of AI that enables software systems to act autonomously, making decisions and taking actions based on goals, with minimal human intervention,” according to AI itself (source: Google Gemini). We’ll see lots…
-
New payment-card scam involves a phone call, some malware and a personal tap
A new payment card scam uses malware disguised as a security tool or verification utility to capture card details and access funds. First seen on therecord.media Jump to article: therecord.media/new-payment-card-scam-involves-malware-tap
-
The UK’s phone theft crisis is a wake-up call for digital security
Phone theft is now commonplace in London. The Met Police recently revealed that it seizes 1,000 stolen phones weekly as it cracks down on organized criminal networks driving … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/18/uk-phone-theft-crisis/
-
Breach Roundup: Cyber Insurance Market Set to Double by 2030
Also, a ‘Perfect Tool’ for Cyberespionage and EU Stocks Up on Burner Phones. This week, the cyber insurance market could double, Europe to use burner phones in the U.S., a BPFDoor campaign, Alcasec faces Spanish prison, a Thai harassment campaign and charges in Taiwan for a Chinese captain. China stonewalled a Swedish cable cutting investigation.…
-
Android Phones Pre-Downloaded With Malware Target User Crypto Wallets
The threat actors lace pre-downloaded applications with malware to steal cryptocurrency by covertly swapping users’ wallet addresses with their own. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/android-pre-downloaded-malware-crypto-wallets
-
Signalgate chats vanish from CIA chief phone
Extraordinary rendition of data, or just dropped it out of a helicopter? First seen on theregister.com Jump to article: www.theregister.com/2025/04/16/cia_signalgate_chat/
-
Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps
Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers’ own. The campaign targeted low-end…
-
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to…
-
For security, Android phones will now auto-reboot after three days
The update comes months after Apple pushed its own “inactivity reboot” feature. First seen on techcrunch.com Jump to article: techcrunch.com/2025/04/15/for-security-android-phones-will-now-auto-reboot-after-three-days/
-
EU confirms issuing ‘burner phones’ to top officials but denies practice caused by Trump
Tags: phoneThe European Commission said it does issue “burner phones” to officials, but there has been no specific guidance recommending that they be used while on missions in the U.S. First seen on therecord.media Jump to article: therecord.media/eu-burner-phones-traveling-officials