#mobile-app-vulnerability

#mobile-security
Information security
from SecurityWeek
1 day ago

Mobile Attack Surface Expands as Enterprises Lose Control

Mobile device security is inadequate, with many organizations using critically outdated operating systems and exposing sensitive data to potential attacks.
Apple
from Mail Online
17 hours ago

Apple issues warning to iPhone users over stealthy attack: Act NOW

Apple has released critical iOS updates to protect against the DarkSword cyberattack method targeting vulnerable devices.
Cryptocurrency
from news.bitcoin.com
1 hour ago

Human Error, Not Hacking, Cited as Top Cause for Crypto Access Loss

Human error is the leading cause of cryptocurrency access loss, affecting 35% of holders, primarily due to forgotten passwords and lost seed phrases.
#openclaw
DevOps
from InfoWorld
1 day ago

Understanding the risks of OpenClaw

OpenClaw is an orchestration layer that requires external services to function effectively, rather than being a standalone cloud platform.
Information security
from Ars Technica
16 hours ago

OpenClaw gives users yet another reason to be freaked out about security

OpenClaw's vulnerabilities pose severe security risks, allowing attackers to gain administrative access with minimal permissions.
Productivity
from TechCrunch
16 hours ago

Best iPad apps to boost productivity and make your life easier | TechCrunch

iPads have evolved into versatile productivity tools with numerous apps available to enhance organization and focus.
#data-breach
Privacy professionals
from SecurityWeek
1 day ago

T-Mobile Sets the Record Straight on Latest Data Breach Filing

T-Mobile confirmed a data breach was caused by an insider incident affecting only one account with limited information exposed.
Privacy professionals
from Silicon Canals
1 day ago

A fintech app asked users for their passports - then left 360,000 files unprotected for five years - Silicon Canals

A money transfer app exposed over 360,000 sensitive files on a public server for nearly five years, including unencrypted personal documents.
Privacy technologies
from TechCrunch
1 day ago

Exclusive: Money transfer app Duc exposed thousands of driver's licenses and passports to the open web

A publicly accessible Amazon storage server exposed personal data of hundreds of thousands, including driver's licenses and passports, without encryption.
Information security
from Securitymagazine
1 day ago

AI Startup Mercor, Which Works With Open AI and Anthropic, Confirms Data Breach

Mercor, an AI startup, experienced a data breach involving 4 terabytes of stolen data linked to a supply chain attack by hacking groups.
Information security
from Theregister
2 days ago

The company's biggest security hole lived in the breakroom

An internet-connected coffee machine caused a major data breach by exploiting security vulnerabilities in a corporate network.
Brooklyn
from Brooklyn Eagle
1 day ago

Is Your Phone Spying on You? Nah. It Doesn't Have To.

Apps collect extensive data about users, allowing them to predict needs without eavesdropping.
Angular
from InfoQ
1 day ago

Swift 6.3 Stabilizes Android SDK, Extends C Interop, and More

Swift 6.3 introduces official Android support, enhances C interoperability, and improves embedded programming capabilities with a unified build system and low-level performance control.
#cybersecurity
Information security
from SecurityWeek
1 day ago

In Other News: ChatGPT Data Leak, Android Rootkit, Water Facility Hit by Ransomware

New Android malware targets banking users, Italy fines Intesa Sanpaolo for data breach, Apple updates Mac security against ClickFix attacks.
Information security
from The Hacker News
1 day ago

ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories

The ThreatsDay Bulletin provides a concise overview of current cybersecurity threats and trends affecting system safety.
Information security
from The Hacker News
1 day ago

UNC1069 Social Engineering of Axios Maintainer Led to npm Supply Chain Attack

A targeted social engineering campaign by North Korean actors led to a supply chain compromise of the Axios npm package.
Information security
from ComputerWeekly.com
2 days ago

NCSC warns high-risk individuals of Signal and WhatsApp social engineering attacks | Computer Weekly

High-risk individuals must reduce exposure to social engineering attacks targeting encrypted messaging apps like Signal, WhatsApp, and Facebook Messenger.
#android
Privacy technologies
from The Hacker News
3 days ago

Android Developer Verification Rollout Begins Ahead of September Enforcement

Google is rolling out Android developer verification to combat harmful app distribution by requiring identity confirmation for developers.
Privacy technologies
from SheFinds
2 weeks ago

3 Android Apps Experts Say You Should Delete Immediately To Protect Your Data

Certain Android apps, like Facebook and free utility apps, pose significant privacy risks and should be deleted to protect user data.
Software development
from DevOps.com
1 day ago

Why Code Validation is the Next Frontier - DevOps.com

Shared staging environments are inadequate for modern development; isolated, on-demand setups are needed for effective validation.
Wearables
from MakeUseOf
3 days ago

Your phone's Bluetooth is broadcasting more than you think - here's how to limit it

Bluetooth remains active and broadcasts data even when not connected, potentially allowing for tracking without user consent.
Online learning
from eLearning Industry
1 day ago

Microlearning Solutions For Mobile: How L&D Leaders Build Engaging, In-The-Flow-Of-Work Learning

Mobile microlearning solutions effectively address time scarcity and fragmented attention, providing quick, accessible training for modern employees.
Python
from The Hacker News
2 days ago

The State of Trusted Open Source Report

AI is reshaping software development and security, influencing container image usage and vulnerability management.
Marketing tech
from Android Authority
3 days ago

The Google Play Store has a serious problem with shady cast-to-TV apps

A small number of developer networks dominate the cast-to-TV app category on Google Play, operating over 280 apps with 1.8 billion installs.
#axios
Node JS
from SecurityWeek
3 days ago

Axios NPM Package Breached in North Korean Supply Chain Attack

Malicious Axios NPM library versions were distributed in a supply chain attack by North Korean hackers, affecting millions of users.
Information security
from SiliconANGLE
3 days ago

Hackers compromise popular Axios Javascript library with hidden malware - SiliconANGLE

Axios HTTP client library was hacked to distribute malware via a compromised npm account, affecting multiple operating systems.
#apple
Apple
from TechRepublic
1 day ago

Apple Issues Rare Patch: Up to 270M iPhones Could Be Vulnerable to 'DarkSword' Exploit

Apple is issuing a rare security patch for iOS 18 to combat the DarkSword hacking tool, breaking from its usual upgrade policy.
Apple
from SecurityWeek
1 day ago

Apple Rolls Out DarkSword Exploit Protection to More Devices

Apple is updating older iOS devices to protect against the DarkSword exploit kit targeting vulnerabilities in its mobile platforms.
Apple
from TechCrunch
2 days ago

Apple releases security fix for older iPhones and iPads to protect against DarkSword attacks | TechCrunch

Apple released security updates for older iPhones and iPads to protect against the DarkSword hacking toolkit that steals user data.
Apple
from ZDNET
2 days ago

Still running iOS 18? Install this critical update ASAP

Apple has released a security patch for iPhones running iOS 18 to protect against the DarkSword exploit.
Apple
from Techzine Global
4 days ago

Vibe coding is in Apple's crosshairs, as app is removed

Apple has removed the app Anything from the App Store for violating guidelines on vibe-coding apps.
Software development
from Techzine Global
2 days ago

Microsoft rejiggers Intune to give patches time to prove themselves

Microsoft Intune will shift from pushing patches to measuring compliance with defined update standards, emphasizing policy and outcomes over delivery.
Node JS
from BleepingComputer
3 days ago

Hackers compromise Axios npm package to drop cross-platform malware

Hackers compromised the Axios npm account to distribute remote access trojans across multiple operating systems.
Privacy professionals
from Silicon Canals
1 day ago

A money-transfer app stored customer passports on an unencrypted, publicly accessible server for nearly five years - Silicon Canals

Fintech companies face regulatory pressure to collect identity documents but lack enforceable obligations to protect them, leading to data breaches.
Privacy technologies
from ZDNET
1 week ago

5 telltale signs that your phone has been compromised (and how to combat them)

Phone hacking can be detected through signs like battery drain, slow performance, unfamiliar logins, and reduced storage space.
#whatsapp
Privacy professionals
from TechCrunch
2 days ago

WhatsApp notifies hundreds of users who installed a fake app that was actually government spyware | TechCrunch

WhatsApp notified 200 users about a malicious fake app containing spyware created by Italian firm SIO.
Information security
from Theregister
3 days ago

Don't open that WhatsApp message, Microsoft warns

WhatsApp messages are being exploited to deliver malicious files that allow attackers to control victims' machines and access their data.
#malware
Information security
from The Hacker News
1 day ago

New SparkCat Variant in iOS, Android Apps Steals Crypto Wallet Recovery Phrase Images

A new version of SparkCat malware targets cryptocurrency users on mobile platforms, concealing itself in benign apps and evolving its technical capabilities.
Privacy professionals
from SecurityWeek
2 days ago

FBI Warns of Data Security Risks From China-Made Mobile Apps

Foreign-developed mobile applications pose significant data security risks, particularly those from China, according to an FBI alert.
Apple
from techsciencetoday
1 day ago

Next Major iOS Update for iPhone Expected to Bring Crucial Change

iOS 27 will significantly upgrade Siri, enabling multitasking and improved context understanding with modern AI models.
Information security
from SecurityWeek
1 day ago

Critical ShareFile Flaws Lead to Unauthenticated RCE

Two critical vulnerabilities in ShareFile could allow unauthenticated remote code execution through improper access to configuration pages.
Information security
from Computerworld
17 hours ago

A core infrastructure engineer pleads guilty to federal charges in insider attack

Rhyne's attack involved unauthorized remote desktop sessions, deletion of network administrator accounts, and changing of passwords, showcasing significant security vulnerabilities.
Privacy technologies
from Theregister
2 weeks ago

Google creates installation path for unverified Android apps

Google will allow Android users to install apps from unverified developers through a friction-filled one-time process designed to prevent coercion-based malware installation.
Information security
from InfoQ
1 day ago

Open Source Security Tool Trivy Hit by Supply Chain Attack, Prompting Urgent Industry Response

A malicious release of the Trivy vulnerability scanner exposed critical weaknesses in software supply chain security, allowing for potential credential theft.
Apple
from Computerworld
1 week ago

Apple goes global with key MDM tools and services for business

Managed Apple accounts enhance data separation and control for businesses, offering free MDM features and competitive productivity tools.
#android-sideloading
Privacy technologies
from TechCrunch
2 weeks ago

Google introduces a new way for users to sideload Android apps that still protects against scams | TechCrunch

Google introduces an 'advanced flow' setting allowing Android users to disable app verification requirements and sideload unverified apps while maintaining some anti-scam protections.
Privacy technologies
from Engadget
2 weeks ago

Android will hide app sideloading behind a new one-time security process

Google implements a multi-step verification process for sideloading unverified apps on Android, while offering free limited distribution accounts for hobbyist developers to share apps with up to 20 devices.
Information security
from WIRED
15 hours ago

Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk

Meta has paused work with Mercor due to a major security breach affecting data used for AI training.
#android-security
Privacy technologies
from Ars Technica
2 weeks ago

Google details new 24-hour process to sideload unverified Android apps

Google will enforce developer verification for Android sideloading in September 2026, but an advanced flow in developer settings allows power users to bypass verification requirements.
Privacy technologies
from The Hacker News
2 weeks ago

Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse

Google is restricting non-accessibility apps from using Android's accessibility services API in Advanced Protection Mode to prevent malicious data theft.
Information security
from TechRepublic
2 weeks ago

875 Million Android Phones Face Risk Due to Hidden Chip Flaw

A chip-level flaw in MediaTek-powered Android phones allows attackers to unlock devices and extract encrypted data within 60 seconds, affecting approximately 875 million devices.
Information security
from SecurityWeek
1 day ago

React2Shell Exploited in Large-Scale Credential Harvesting Campaign

Threat actor exploits Next.js vulnerabilities to exfiltrate credentials and compromise systems at scale, affecting over 766 systems and collecting more than 10,000 files.
Apple
from Jezebel
2 weeks ago

Your iPhone Has Probably Never Been More Vulnerable to Spyware and Hacking

Apple iOS devices face increased cybersecurity threats from malware like Darksword and Coruna that exploit vulnerabilities to steal data and cryptocurrency from millions of users.
Information security
from The Hacker News
1 day ago

Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK

Drift decentralized exchange lost $285 million due to a sophisticated attack involving unauthorized access and social engineering.
Information security
from InfoWorld
1 day ago

Claude Code leak puts enterprise trust at risk as security, governance concerns mount

Leaks threaten Anthropic's market position and raise security concerns about its AI coding tools.
#cisco
Information security
from SecurityWeek
2 days ago

Cisco Patches Critical and High-Severity Vulnerabilities

Cisco has released fixes for two critical and six high-severity vulnerabilities affecting various enterprise networking products.
Information security
from The Hacker News
1 day ago

Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise

Cisco has released critical updates to address vulnerabilities in its Integrated Management Controller and Smart Software Manager On-Prem.
Information security
from Techzine Global
1 day ago

Axios supply chain attack victim posts postmortem to prevent a repeat

Axios was compromised for three hours, distributing Remote Access Trojans due to a sophisticated social engineering attack by North Korean group UNC1069.
#chrome
Information security
from TechRepublic
1 day ago

Patch Now: Chrome Flaw Under Active Attack, Google Confirms

Google has released a security update for Chrome due to multiple high-severity vulnerabilities, including an actively exploited use-after-free flaw.
#north-korea
Information security
from Fortune
1 day ago

I knew about North Korean hackers-they still tricked me and got into my computer | Fortune

North Korean hackers are increasingly targeting individuals in the crypto industry, employing sophisticated deception tactics.
#supply-chain-attack
Information security
from InfoQ
4 days ago

PyPI Supply Chain Attack Compromises LiteLLM, Enabling the Exfiltration of Sensitive Information

A supply chain attack on LiteLLM led to over 40,000 downloads of a compromised package that harvested sensitive information.
Information security
from SecurityWeek
1 day ago

Critical Vulnerability in Claude Code Emerges Days After Source Leak

Anthropic's Claude Code source code was leaked, revealing operational details but not compromising sensitive data like model weights or customer information.
Information security
from The Hacker News
1 day ago

Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials

A large-scale credential harvesting operation exploits the React2Shell vulnerability to steal sensitive data from compromised hosts across multiple regions.
Information security
from Computerworld
3 days ago

Why the axios supply chain attack should have Apple worried

The attack illustrates the extent to which Big Tech relies on open-source software. Without the many contributions of open-source developers, Apple, Amazon, Google, Microsoft, and everyone else would need to invest vast sums in building more of the infrastructure of our digital world.
Information security
from SecurityWeek
4 days ago

Exploitation of Critical Fortinet FortiClient EMS Flaw Begins

Threat actors exploit a critical SQL injection vulnerability in Fortinet FortiClient EMS, allowing remote code execution without authentication.
Information security
from SecurityWeek
3 days ago

The Next Cybersecurity Crisis Isn't Breaches-It's Data You Can't Trust

Data integrity now encompasses data trust, emphasizing the importance of reliable data in AI-driven decision-making.
Information security
from Theregister
4 days ago

Citrix NetScaler bug may be multiple flaws in one

In-the-wild exploitation of a critical Citrix NetScaler bug has begun, with attackers actively targeting vulnerable systems within days of its disclosure.
Information security
from The Hacker News
1 week ago

Coruna iOS Kit Reuses 2023 Triangulation Exploit Code in New Mass Attacks

Coruna exploit kit is an evolved version of the Operation Triangulation exploit, targeting iOS devices with multiple vulnerabilities.
Apple
from TechRepublic
2 months ago

New iOS and iPadOS Flaws Leave Millions of iPhones at Risk

Two WebKit vulnerabilities (CVE-2025-43529 and CVE-2025-14174) allow zero-click remote code execution in Safari, potentially giving attackers full access to iPhones and iPads.
#iphone-security
Information security
from Ars Technica
2 weeks ago

Hundreds of millions of iPhones can be hacked with a new tool found in the wild

DarkSword, a sophisticated iPhone hacking technique discovered in use by Russian hackers, can silently compromise hundreds of millions of iOS devices running older operating system versions through infected websites.
Information security
from WIRED
2 weeks ago

Hundreds of Millions of iPhones Can Be Hacked With a New Tool Found in the Wild

A sophisticated iPhone hacking technique called DarkSword enables attackers to silently compromise iOS devices through infected websites, affecting hundreds of millions of users running older iOS versions.
Privacy technologies
from ZDNET
1 month ago

Is spyware hiding on your phone? How to find out and remove it - fast

Spyware is one of the top threats to your mobile security and can severely impact your handset's performance if you are unlucky enough to become infected. It is a type of malware that typically lands on your iPhone or Android phone through malicious mobile apps or through phishing links, emails, and messages. While appearing to be a legitimate software package or useful utility, spyware will operate quietly in the background to monitor your movements,
Information security
from TechRepublic
3 weeks ago

Microsoft Authenticator Flaw on Android, iOS Could Leak Login Codes for Millions

A vulnerability in Microsoft Authenticator could allow malicious apps on the same device to intercept authentication codes and sign-in links, but patches are already available.
Information security
from The Hacker News
3 weeks ago

Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Law enforcement and security companies dismantled Tycoon2FA and LeakBase, major infrastructure supporting phishing-as-a-service operations that compromised MFA credentials at scale.
Information security
from SecurityWeek
1 month ago

Critical React Native Vulnerability Exploited in the Wild

Critical CVE-2025-11953 (Metro4Shell) in React Native's Community CLI/Metro is being actively exploited since December, exposing thousands of internet-accessible instances.