Tag: phone

Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks

Oct 17, 2025 11:07 AM

Tags: attack, cisco, communications, cyber, dos, flaw, phone, risk, service, vulnerability, xss

Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
Cisco Desk, IP, and Video Phones Vulnerable to Remote DoS and XSS Attacks

Oct 17, 2025 11:07 AM

Tags: attack, cisco, communications, cyber, dos, flaw, phone, risk, service, vulnerability, xss

Multiple Cisco desk, IP, and video phones are at risk of remote denial-of-service (DoS) and cross-site scripting (XSS) attacks due to flaws in their Session Initiation Protocol (SIP) software. The weaknesses affect Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 models when they are registered to Cisco Unified Communications…
German parliamentarian urges officials to investigate Hungary for spyware abuse

Oct 16, 2025 7:07 PM

Tags: country, phone, service, spyware

A German member of the European Parliament has filed a complaint urging authorities to investigate Hungarian Prime Minister Viktor OrbÃ¡n for allegedly ordering the country’s secret service to break into his phone with spyware. First seen on therecord.media Jump to article: therecord.media/german-parliament-hungary-spyware
Locked out of your Gmail account? Google says phone a friend

Oct 16, 2025 5:07 PM

Tags: google, phone

Recovery feature lets trusted contacts help you get back in when other methods fail First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/google_gmail_trusted_contacts/
Locked out of your Gmail account? Google says phone a friend

Oct 16, 2025 5:07 PM

Tags: google, phone

Recovery feature lets trusted contacts help you get back in when other methods fail First seen on theregister.com Jump to article: www.theregister.com/2025/10/16/google_gmail_trusted_contacts/
Satellites found exposing unencrypted data, including phone calls and some military comms

Oct 14, 2025 4:23 PM

Tags: data, data-breach, military, mobile, phone

Researchers spent the past year alerting affected organizations, including T-Mobile and ATT, but warn that large amounts of satellite data will remain unencrypted and exposed for some years to come. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/14/satellites-found-exposing-unencrypted-data-including-phone-calls-and-some-military-comms/
Vodafone keels over, cutting off millions of mobile and broadband customers

Oct 14, 2025 11:23 AM

Tags: mobile, phone

Outage knocks out phones, broadband even telco’s own status page First seen on theregister.com Jump to article: www.theregister.com/2025/10/13/vodafone_outage/
Vodafone keels over, cutting off millions of mobile and broadband customers

Oct 14, 2025 11:23 AM

Tags: mobile, phone

Outage knocks out phones, broadband even telco’s own status page First seen on theregister.com Jump to article: www.theregister.com/2025/10/13/vodafone_outage/
Hackers can steal 2FA codes and private messages from Android phones

Oct 14, 2025 12:23 AM

Tags: 2fa, android, attack, hacker, malicious, phone

Malicious app required to make “Pixnapping” attack work requires no permissions. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
Hackers can steal 2FA codes and private messages from Android phones

Oct 14, 2025 12:23 AM

Tags: 2fa, android, attack, hacker, malicious, phone

Malicious app required to make “Pixnapping” attack work requires no permissions. First seen on arstechnica.com Jump to article: arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
Why you keep getting job scam texts

Oct 13, 2025 5:23 PM

Tags: jobs, phone, scam
Why you keep getting job scam texts

Oct 13, 2025 5:23 PM

Tags: jobs, phone, scam
Why you keep getting job scam texts

Oct 13, 2025 5:23 PM

Tags: jobs, phone, scam
Dull but dangerous: A guide to 15 overlooked cybersecurity blind spots

Oct 13, 2025 2:24 PM

Tags: access, ai, api, attack, backup, cloud, control, corporate, credentials, crypto, cybersecurity, data, detection, dns, edr, email, encryption, endpoint, exploit, firewall, firmware, governance, guide, iam, identity, iot, leak, least-privilege, linux, malicious, mfa, network, password, phishing, phone, ransomware, resilience, saas, sbom, service, siem, strategy, supply-chain, tool, unauthorized, update, vulnerability

Server time synchronization (NTP drift) Skewed clocks create a perfect cover for attackers. When your servers disagree about when events happened, correlation dies and forensics becomes fiction. Yet most organizations treat NTP like plumbing: set once and forget.Fix this now: Enforce a secure NTP hierarchy with authenticated sources. Monitor offset religiously. Block unauthorized NTP traffic…
Dull but dangerous: A guide to 15 overlooked cybersecurity blind spots

Oct 13, 2025 2:24 PM

Tags: access, ai, api, attack, backup, cloud, control, corporate, credentials, crypto, cybersecurity, data, detection, dns, edr, email, encryption, endpoint, exploit, firewall, firmware, governance, guide, iam, identity, iot, leak, least-privilege, linux, malicious, mfa, network, password, phishing, phone, ransomware, resilience, saas, sbom, service, siem, strategy, supply-chain, tool, unauthorized, update, vulnerability

Server time synchronization (NTP drift) Skewed clocks create a perfect cover for attackers. When your servers disagree about when events happened, correlation dies and forensics becomes fiction. Yet most organizations treat NTP like plumbing: set once and forget.Fix this now: Enforce a secure NTP hierarchy with authenticated sources. Monitor offset religiously. Block unauthorized NTP traffic…
Fenrir PoC Breaks Secure Boot on Nothing Phone (2a) and CMF Phone 1

Oct 10, 2025 11:23 AM

Tags: exploit, phone, vulnerability

A newly released proof-of-concept (PoC) exploit has disclosed a severe code-execution vulnerability affecting the Nothing Phone (2a) and the CMF Phone 1, both of which are powered by MediaTek chipsets. The exploit, named “fenrir”, compromises the secure boot process, allowing attackers to execute arbitrary code at EL3, the most privileged level in the ARM architecture.…
Italian businessman’s phone reportedly targeted with Paragon spyware

Oct 9, 2025 8:24 PM

Tags: phone, spyware

The alleged targeting of prominent Italian businessman Francesco Gaetano Caltagirone now widens the Paragon spyware scandal in Italy to victims beyond journalists and activists. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/09/italian-businessmans-phone-reportedly-targeted-with-paragon-spyware/
ClayRat spyware turns phones into distribution hubs via SMS and Telegram

Oct 9, 2025 4:23 PM

Tags: android, cybersecurity, defense, detection, endpoint, google, Hardware, intelligence, mfa, ml, mobile, passkey, phishing, phone, radius, spyware, threat, training

Fighting a self-spreading spyware: Experts say combating ClayRat requires both technical hardening and behavioral hygiene.”Security teams should enforce a layered mobile security posture that reduces installation paths, detects compromise, and limits blast radius,” said Jason Soroko, Senior Fellow at Sectigo. He recommends blocking sideloading through Android Enterprise policy, deploying mobile threat defense integrated with endpoint…
PoC Released for Nothing Phone Code-Execution Vulnerability

Oct 9, 2025 2:23 PM

Tags: cyber, exploit, flaw, phone, risk, vulnerability

A proof-of-concept exploit has been published for a critical flaw in the secure boot process of the Nothing Phone (2a) and CMF Phone 1. This exploit can break the chain of trust and allow full code execution at the highest privilege level, posing a severe risk to device security. Vulnerability Overview A logic flaw in…
ICE bought vehicles equipped with fake cell towers to spy on phones

Oct 7, 2025 7:35 PM

Tags: phone, spy

The federal contract shows ICE spent $825,000 on vans equipped with “cell-site simulators” which allow the real-world location tracking of nearby phones and their owners. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/07/ice-bought-vehicles-equipped-with-fake-cell-towers-to-spy-on-phones/
Police ordered to give reasons in closed court for seizing phone of UK Hamas lawyer

Oct 6, 2025 7:35 PM

Tags: phone

A London court orders police to disclose reasons for seizing a copying the phone of a UK lawyer who represented Hamas but refused an injunction to prevent police reviewing the phone until after judicial review First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366632412/Police-ordered-to-give-reasons-in-closed-court-for-seizing-phone-of-UK-Hamas-lawyer
That CISO job offer could be a ‘pig-butchering’ scam

Oct 3, 2025 9:41 AM

Tags: ai, breach, ceo, cio, ciso, crypto, cybersecurity, deep-fake, finance, fraud, group, intelligence, jobs, linkedin, malware, network, north-korea, phishing, phone, scam, social-engineering, theft, threat, training

Deepfaked interview shenanigans: What followed was three months of constant messaging, which moved from SMS messages, to conversations on WhatsApp, to a (likely) deepfaked video interview.”Other than the 15-minute interview, mostly my interaction with them was a minute here and there, and of course the necessary background research on Gemini itself as well as the…
That CISO job offer could be a ‘pig-butchering’ scam

Oct 3, 2025 9:41 AM

Tags: ai, breach, ceo, cio, ciso, crypto, cybersecurity, deep-fake, finance, fraud, group, intelligence, jobs, linkedin, malware, network, north-korea, phishing, phone, scam, social-engineering, theft, threat, training

Deepfaked interview shenanigans: What followed was three months of constant messaging, which moved from SMS messages, to conversations on WhatsApp, to a (likely) deepfaked video interview.”Other than the 15-minute interview, mostly my interaction with them was a minute here and there, and of course the necessary background research on Gemini itself as well as the…
Your favourite phone apps might be leaking your company’s secrets

Oct 1, 2025 10:41 PM

Tags: api, data, infrastructure, phone

Most of the apps on your phone is talking to a server somewhere – sending and receiving data through messages sent through APIs, the underlying infrastructure that allows apps to communicate. First seen on fortra.com Jump to article: www.fortra.com/blog/favourite-phone-apps-might-leaking-companys-secrets
New Smish: New York Department of Revenue

Sep 30, 2025 4:08 PM

Tags: access, android, apple, authentication, breach, browser, china, chrome, credit-card, data, dns, group, iphone, mobile, nfc, phishing, phone, scam, software, spam, strategy, usa, windows

As I was visiting SmishTank to report the most recent SMish that I had received (an iMessage from a +27 South African telephone number claiming to be from ParkMobile) I noticed there had been many recent submissions from the New York Department of Revenue. SmishTank is operated by Professor Muhammad Lutfor Rahman, a colleague of mine…
Your budget Android phone might be spying on you

Sep 30, 2025 8:08 AM

Tags: access, android, google, phone

Researchers have found that many low-cost Android devices come with pre-installed apps that have high-level access to the system. Unlike apps from the Google Play Store, many … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/30/low-cost-android-devices-security-risks/
SMS Pools and what the US Secret Service Really Found Around New York

Sep 29, 2025 11:09 AM

Tags: apple, authentication, business, china, conference, control, country, credit-card, crime, crypto, data, email, exploit, finance, fraud, google, group, Hardware, infrastructure, iphone, jobs, korea, law, linux, mfa, mobile, phishing, phone, scam, service, smishing, software, theft, usa, windows

Last week the United Nations General Assembly kicked off in New York City. On the first day, a strange US Secret Service press conference revealed that they had seized 300 SIM Servers with 100,000 SIM cards. Various media outlets jumped on the idea that this was some state-sponsored sleeper cell waiting to destroy telecommunication services…
Japanese city passes two-hours-a-day smartphone usage ordinance

Sep 26, 2025 5:16 AM

Tags: phone

Symbolic gesture aims to help citizens sleep. Next: Doing something about people who walk while using their phones First seen on theregister.com Jump to article: www.theregister.com/2025/09/24/japan_toyoake_smartphone_limitation_ordinance/
Viral call-recording app Neon goes dark after exposing users’ phone numbers, call recordings, and transcripts

Sep 26, 2025 12:16 AM

Tags: access, iphone, phone

Call recording app Neon was one of the top-ranked iPhone apps, but was pulled offline after a security bug allowed any logged-in user to access the call recordings and transcripts of any other user. First seen on techcrunch.com Jump to article: techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/
Cell Tower Hacking Gear Seized Ahead of UN General Assembly

Sep 24, 2025 1:16 PM

Tags: attack, hacking, phone, service

The equipment could be used to disable cell phone towers and conduct denial-of-services attacks across New York City First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/cell-tower-hacking-gear-seized-nyc/