Tag: spyware

Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year

Nov 7, 2025 9:19 PM

Tags: attack, cctv, data, phone, spyware

Targeted attack could steal all of a phone’s data and activate camera or mic. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2025/11/commercial-spyware-landfall-ran-rampant-on-samsung-phones-for-almost-a-year/
Commercial spyware “Landfall” ran rampant on Samsung phones for almost a year

Nov 7, 2025 9:19 PM

Tags: attack, cctv, data, phone, spyware

Targeted attack could steal all of a phone’s data and activate camera or mic. First seen on arstechnica.com Jump to article: arstechnica.com/gadgets/2025/11/commercial-spyware-landfall-ran-rampant-on-samsung-phones-for-almost-a-year/
New LandFall spyware exploited Samsung zero-day via WhatsApp messages

Nov 7, 2025 8:20 PM

Tags: android, exploit, malicious, spyware, threat, vulnerability, zero-day

A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-landfall-spyware-exploited-samsung-zero-day-via-whatsapp-messages/
Newly identified Android spyware appears to be from a commercial vendor

Nov 7, 2025 7:20 PM

Tags: android, spyware, zero-day

Researchers spotted a 9-month-long campaign involving previously undiscovered spyware they call LANDFALL, which leveraged a zero-day bug in Samsung Galaxy phones. First seen on therecord.media Jump to article: therecord.media/landfall-spyware-middle-east-appears-commercial-grade
Newly identified Android spyware appears to be from a commercial vendor

Nov 7, 2025 7:20 PM

Tags: android, spyware, zero-day

Researchers spotted a 9-month-long campaign involving previously undiscovered spyware they call LANDFALL, which leveraged a zero-day bug in Samsung Galaxy phones. First seen on therecord.media Jump to article: therecord.media/landfall-spyware-middle-east-appears-commercial-grade
Samsung Zero-Click Flaw Exploited to Deploy LANDFALL Android Spyware via WhatsApp

Nov 7, 2025 7:20 PM

Tags: android, attack, cve, exploit, flaw, spyware, zero-day

A now-patched security flaw in Samsung Galaxy Android devices was exploited as a zero-day to deliver a “commercial-grade” Android spyware dubbed LANDFALL in targeted attacks in the Middle East.The activity involved the exploitation of CVE-2025-21042 (CVSS score: 8.8), an out-of-bounds write flaw in the “libimagecodec.quram.so” component that could allow remote attackers to execute arbitrary First…
New Landfall spyware apparently targeting Samsung phones in Middle East

Nov 7, 2025 5:19 PM

Tags: middle-east, network, phone, spyware

Palo Alto Networks researchers haven’t been able to identify who’s behind the commercial-grade tech yet. First seen on cyberscoop.com Jump to article: cyberscoop.com/landfall-spyware-samsung-phones-palo-alto-networks-unit-42/
New Landfall spyware apparently targeting Samsung phones in Middle East

Nov 7, 2025 5:19 PM

Tags: middle-east, network, phone, spyware

Palo Alto Networks researchers haven’t been able to identify who’s behind the commercial-grade tech yet. First seen on cyberscoop.com Jump to article: cyberscoop.com/landfall-spyware-samsung-phones-palo-alto-networks-unit-42/
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
New Android Malware ‘Fantasy Hub’ Spies on Users’ Calls, Contacts, and Messages

Nov 7, 2025 1:19 PM

Tags: access, android, cyber, malware, mobile, russia, service, social-engineering, spyware, tactics, threat

Russian-based threat actors are actively distributing a sophisticated Android Remote Access Trojan called >>Fantasy Hub
‘Landfall’ spyware abused zero-day to hack Samsung Galaxy phones

Nov 7, 2025 12:19 PM

Tags: android, middle-east, phone, spyware, zero-day

A newly identified Android spyware targeted Galaxy devices for close to a year, including users in the Middle East, researchers exclusively tell TechCrunch. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/07/landfall-spyware-abused-zero-day-to-hack-samsung-galaxy-phones/
Italian political consultant says he was targeted with Paragon spyware

Nov 6, 2025 7:19 PM

Tags: phone, spyware

WhatsApp notified the consultant, who works for left-wing politicians, that his phone was targeted with spyware made by Paragon. First seen on techcrunch.com Jump to article: techcrunch.com/2025/11/06/italian-political-consultant-says-he-was-targeted-with-paragon-spyware/
Italian communications executive reveals he was targeted with Paragon spyware

Nov 6, 2025 6:19 PM

Tags: communications, spyware

A prominent Italian communications executive and political adviser has revealed that he was targeted with Paragon spyware, making him the fifth Italian to come forward in a scandal that has rocked the Italian government. First seen on therecord.media Jump to article: therecord.media/italy-comms-exec-spyware
Italian communications executive reveals he was targeted with Paragon spyware

Nov 6, 2025 6:19 PM

Tags: communications, spyware

A prominent Italian communications executive and political adviser has revealed that he was targeted with Paragon spyware, making him the fifth Italian to come forward in a scandal that has rocked the Italian government. First seen on therecord.media Jump to article: therecord.media/italy-comms-exec-spyware
EU-Gelder für Spyware-Firmen: Brüssel gibt Finanzierung zu

Nov 4, 2025 7:19 PM

Tags: spyware

Millionen an EU-Fördergeldern sind an Unternehmen geflossen, die Spyware entwickelten und diese an autoritäre Regime verkauft haben. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/datenschutz/eu-gelder-fur-ueberwachungssoftware-firmen-brussel-gibt-finanzierung-zu-322540.html
New Dante Spyware Linked to Rebranded Hacking Team, Now Memento Labs

Nov 3, 2025 7:20 PM

Tags: attack, browser, chrome, hacking, kaspersky, spyware, tool, vulnerability, zero-day

Kaspersky researchers uncovered Operation ForumTroll, an attack campaign utilising the new ‘Dante’ spyware developed by Memento Labs, the rebranded Hacking Team. The attacks used a Chrome zero-day vulnerability (CVE-2025-2783) and COM hijacking for persistence, confirming the continued deployment of advanced surveillance tools by the controversial Italian firm. First seen on hackread.com Jump to article: hackread.com/dante-spyware-hacking-team-memento-labs/
Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users

Oct 30, 2025 8:19 PM

Tags: chatgpt, malicious, spyware

Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’ First seen on hackread.com Jump to article: hackread.com/spyware-chatgpt-dalle-whatsapp-apps-us-users/
Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users

Oct 30, 2025 8:19 PM

Tags: chatgpt, malicious, spyware

Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.’ First seen on hackread.com Jump to article: hackread.com/spyware-chatgpt-dalle-whatsapp-apps-us-users/
CEO of spyware maker Memento Labs confirms one of its government customers was caught using its malware

Oct 29, 2025 6:26 AM

Tags: ceo, government, hacking, malware, spyware, windows

Security researchers found a government hacking campaign that relies on Windows spyware developed by surveillance tech maker Memento Labs. When reached by TechCrunch, the spyware maker’s chief executive blamed a government customer for getting caught. First seen on techcrunch.com Jump to article: techcrunch.com/2025/10/28/ceo-of-spyware-maker-memento-labs-confirms-one-of-its-government-customers-was-caught-using-its-malware/
Italian-made spyware Dante linked to Chrome zero-day exploitation campaign

Oct 28, 2025 3:26 PM

Tags: browser, chrome, cve, exploit, google, spyware, vulnerability, zero-day

CVE-2025-2783, a Chrome zero-day vulnerability that was detected being exploited in March 2025 and was subsequently fixed by Google, was used by unknown attackers to deliver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/28/dante-spyware-chrome-zero-day/
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware

Oct 28, 2025 11:26 AM

Tags: browser, chrome, cve, espionage, exploit, flaw, google, service, spyware, technology, tool, vulnerability, zero-day

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
Chrome Zero-Day Exploited to Deliver Italian Memento Labs’ LeetAgent Spyware

Oct 28, 2025 11:26 AM

Tags: browser, chrome, cve, espionage, exploit, flaw, google, service, spyware, technology, tool, vulnerability, zero-day

The zero-day exploitation of a now-patched security flaw in Google Chrome led to the distribution of an espionage-related tool from Italian information technology and services provider Memento Labs, according to new findings from Kaspersky.The vulnerability in question is CVE-2025-2783 (CVSS score: 8.3), a case of sandbox escape which the company disclosed in March 2025 as…
Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign

Oct 28, 2025 5:26 AM

Tags: browser, chrome, kaspersky, rce, remote-code-execution, spyware, zero-day

The post Kaspersky Exposes Chrome Zero-Day RCE (CVE-2025-2783) Delivering Memento Labs Spyware in ForumTroll Campaign appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/kaspersky-exposes-chrome-zero-day-rce-cve-2025-2783-delivering-memento-labs-spyware-in-forumtroll-campaign/
Memento Labs, the ghost of Hacking Team, has returned, or maybe it was never gone at all.

Oct 27, 2025 10:26 PM

Tags: attack, browser, chrome, flaw, hacking, kaspersky, spyware, tool, zero-day

Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of…