Tag: phone
-
Critical Grandstream VoIP Bug Highlights SMB Security Blind Spot
CVE-2026-2329 allows unauthenticated root-level access to SMB phone infrastructure, so attackers can intercept calls, commit toll fraud, and impersonate users. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/grandstream-bug-voip-security-blind-spot
-
Data breach at fintech giant Figure affects close to a million customers
The Figure data breach allowed hackers to steal customer names, dates of birth, physical addresses, phone numbers, and email addresses. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/data-breach-at-fintech-giant-figure-affects-close-to-a-million-customers/
-
Substack Breach May Have Leaked Nearly 700,000 User Details Online
Substack says hackers accessed user emails, phone numbers, and internal metadata in October 2025, with a database of 697,313 records later posted online. The post Substack Breach May Have Leaked Nearly 700,000 User Details Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-substack-data-breach-user-accounts-leaked/
-
Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody
New research from the Citizen Lab has found signs that Kenyan authorities used a commercial forensic extraction tool manufactured by Israeli company Cellebrite to break into a prominent dissident’s phone, making it the latest case of abuse of the technology targeting civil society.The interdisciplinary research unit at the University of Toronto’s Munk School of Global…
-
Grandstream GXP1600 VoIP Phones Exposed to Unauthenticated Remote Code Execution
Tags: control, cve, cvss, cybersecurity, data-breach, flaw, phone, remote-code-execution, voip, vulnerabilityCybersecurity researchers have disclosed a critical security flaw in the Grandstream GXP1600 series of VoIP phones that could allow an attacker to seize control of susceptible devices.The vulnerability, tracked as CVE-2026-2329, carries a CVSS score of 9.3 out of a maximum of 10.0. It has been described as a case of unauthenticated stack-based buffer overflow…
-
Predator spyware used to infect phone belonging to Angolan journalist, report says
The finding is the latest evidence that despite being placed on the U.S. government’s Entity List in July 2023, Predator manufacturer the Intellexa Consortium has continued to operate in the shadows. First seen on therecord.media Jump to article: therecord.media/predator-spyware-used-to-infect-phone-angola-journalist
-
Citizen Lab: Kenyan authorities used Cellebrite to break into phone of dissident
Traces of commercial surveillance technology manufactured by the Israeli spyware maker Cellebrite were found on a prominent Kenyan dissident’s phone, the latest in a series of abuses of the technology targeting civil society. First seen on therecord.media Jump to article: therecord.media/spyware-kenya-cellebrite-activist
-
Side-Channel Attacks Against LLMs
Tags: access, attack, chatgpt, credit-card, data, defense, exploit, LLM, monitoring, network, open-source, openai, phone, side-channelHere are three papers describing different side-channel attacks against LLMs. “Remote Timing Attacks on Efficient Language Model Inference”: Abstract: Scaling up language models has significantly increased their capabilities. But larger models are slower models, and so there is now an extensive body of work (e.g., speculative sampling or parallel decoding) that improves the (average case)…
-
Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone
The research lab says forensic evidence suggests the phone-cracking technology was used against Boniface Mwangi after his July arrest. First seen on cyberscoop.com Jump to article: cyberscoop.com/citizen-lab-kenya-cellebrite-phone-cracking-boniface-mwangi-forensic-evidence/
-
Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone
The research lab says forensic evidence suggests the phone-cracking technology was used against Boniface Mwangi after his July arrest. First seen on cyberscoop.com Jump to article: cyberscoop.com/citizen-lab-kenya-cellebrite-phone-cracking-boniface-mwangi-forensic-evidence/
-
Poland arrests suspect linked to Phobos ransomware operation
Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/poland-arrests-suspect-linked-to-phobos-ransomware-operation/
-
DSS Files Charges Against El-Rufai Over Alleged NSA Phone Interception
The legal and political tensions surrounding former Kaduna State governor Nasir El-Rufai have escalated following the Federal Government’s decision to file a three-count criminal charge against him at the Federal High Court in Abuja. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/dss-charges-el-rufai-nsa-phone-interception/
-
Dutch phone giant Odido says millions of customers affected by data breach
The Dutch phone giant Odido is the latest phone and internet company to be hacked in recent months, as governments and financially motivated hackers continue to steal highly confidential information about phone customers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/13/dutch-phone-giant-odido-says-millions-of-customers-affected-by-data-breach/
-
Odido confirms massive breach; 6.2 Million customers impacted
Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of…
-
Dutch mobile phone giant Odido announces data breach
In a statement about the incident, Odido CEO Søren Abildgaard said names, bank account numbers, addresses, mobile numbers, email addresses, account numbers and IDs were stolen. First seen on therecord.media Jump to article: therecord.media/dutch-telecom-giant-announces-data-breach
-
SMS and OTP Bombing Campaigns Found Abusing API, SSL and Cross-Platform Automation
The modern authentication ecosystem runs on a fragile assumption: that requests for one-time passwords are genuine. That assumption is now under sustained pressure. What began in the early 2020s as loosely shared scripts for irritating phone numbers has evolved into a coordinated ecosystem of SMS and OTP bombing tools engineered for scale, speed, and persistence.…
-
Singapore says China-backed hackers targeted its four largest phone companies
The Singaporean government said the China-backed hackers gained “limited access to critical systems” run by the country’s top four telecommunication giants, but said they did not disrupt services or steal customers’ data. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/10/singapore-china-backed-hackers-targeted-largest-phone-companies-salt-typhoon/
-
Google Warns Over 1 Billion Android Phones Are Now at Risk
Google warns that over 40% of Android devices no longer receive security updates, leaving more than 1 billion devices exposed to malware and spyware attacks. The post Google Warns Over 1 Billion Android Phones Are Now at Risk appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-android-update-billion-devices-risk/
-
Cyber Attack Hits European Commission Staff Mobile Systems
The European Commission reports a cyber attack on its central mobile infrastructure that may have exposed staff names and phone numbers. First seen on hackread.com Jump to article: hackread.com/cyber-attack-european-commission-staff-mobile-systems/
-
Hacktivist scrapes over 500,000 stalkerware customers’ payment records
More than half-a-million people who bought access to phone surveillance and social media snooping apps had their email address and partial payment card numbers published online. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/09/hacktivist-scrapes-over-500000-stalkerware-customers-payment-records/
-
European Commission probes cyberattack on mobile device management system
The European Commission is investigating a cyberattack after detecting signs that its mobile device management system was compromised. The European Commission is investigating a cyberattack on its mobile device management platform after detecting intrusion traces. Attackers may have accessed some staff data, including names and phone numbers, but so far they have not compromised any…
-
DKnife toolkit abuses routers to spy and deliver malware since 2019
DKnife is a Linux toolkit used since 2019 to hijack router traffic and deliver malware in cyber-espionage attacks. Cisco Talos found DKnife, a powerful Linux toolkit that threat actors use to spy on and control network traffic through routers and edge devices. It inspects and alters data in transit and installs malware on PCs, phones,…
-
Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data
Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-moltbook-the-social-network-for-ai-agents-exposed-real-humans-data/
-
China-Nexus Hackers Target Linux Devices to Redirect Traffic and Deploy Malware
>>DKnife,<< a sophisticated gateway-monitoring and adversary-in-the-middle (AitM) framework that turns Linux-based routers and edge devices into surveillance tools. Active since at least 2019, this campaign employs seven distinct Linux implants to inspect network traffic, hijack legitimate software downloads, and deploy advanced malware. The framework remains active as of January 2026, targeting personal computers, mobile phones,…
-
Why Attackers no Longer Need to Break in: The Rise of Identity-Based Attacks
In 2026 stolen credentials and unmanaged machine identities drive breaches”, small buys, phone scams, and weak IAM make identity the real perimeter; prioritize inventory, least privilege, and stronger auth. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-attackers-no-longer-need-to-break-in-the-rise-of-identity-based-attacks/
-
Substack Breach: 662,752 User Records Leaked on Cybercrime Forum
Substack confirms a breach after hacker accessed internal user records now circulating on crime forums, exposing emails, phone numbers, and account metadata. First seen on hackread.com Jump to article: hackread.com/substack-breach-user-records-leak-cybercrime-forum/
-
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Substack confirmed a data breach after a hacker leaked data from nearly 700,000 users, including email addresses and phone numbers. Substack is an online platform for publishing email”‘based newsletters and blogs, with built”‘in paid subscriptions and basic analytics. It’s free to start; creators pay a fee on paid plans. In 2026 it’s estimated to serve…
-
Substack says intruder lifted emails, phone numbers in months-old breach
Contact details were accessed in an intrusion that went undetected for months, the blogging outfit says First seen on theregister.com Jump to article: www.theregister.com/2026/02/05/substack_admit_security_incident/