Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-05-09 12:43:00 |
Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android (direct link) |
Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android.
The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops.
"The on-device approach provides instant insight on risky websites and allows us to offer |
Mobile
|
|
★★★
|
 |
2025-05-08 19:26:00 |
SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root (direct link) |
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution.
The vulnerabilities are listed below -
CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an |
Vulnerability
Mobile
|
|
★★★
|
 |
2025-05-06 11:16:00 |
Google Fixes Actively Exploited Android System Flaw in May 2025 Security Update (direct link) |
Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild.
The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges.
"The most severe of |
Vulnerability
Mobile
|
|
★★★
|
 |
2025-05-01 11:52:00 |
SonicWall Confirms Active Exploitation of Flaws Affecting Multiple Appliance Models (direct link) |
SonicWall has revealed that two now-patched security flaws impacting its SMA100 Secure Mobile Access (SMA) appliances have been exploited in the wild.
The vulnerabilities in question are listed below -
CVE-2023-44221 (CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to |
Vulnerability
Mobile
|
|
★★
|
 |
2025-04-29 15:41:00 |
Google Reports 75 Zero-Days Exploited in 2024 - 44% Targeted Enterprise Security Products (direct link) |
Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.
Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances.
"Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for |
Vulnerability
Threat
Mobile
|
|
★★
|
 |
2025-04-23 17:52:00 |
Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices (direct link) |
Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software.
"The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an |
Mobile
|
|
★★
|
 |
2025-04-21 20:43:00 |
SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks (direct link) |
A new Android malware-as-a-service (MaaS) platform named SuperCard X can facilitate near-field communication (NFC) relay attacks, enabling cybercriminals to conduct fraudulent cashouts.
The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to compromise payment card data, fraud prevention firm Cleafy said in an analysis. There is evidence to |
Malware
Mobile
|
|
★★★
|
 |
2025-04-17 11:14:00 |
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting SonicWall Secure Mobile Access (SMA) 100 Series gateways to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The high-severity vulnerability, tracked as CVE-2021-20035 (CVSS score: 7.2), relates to a case of operating system command injection |
Vulnerability
Mobile
|
|
★★
|
 |
2025-04-16 13:04:00 |
Chinese Android Phones Shipped with Fake WhatsApp, Telegram Apps Targeting Crypto Users (direct link) |
Cheap Android smartphones manufactured by Chinese companies have been observed pre-installed with trojanized apps masquerading as WhatsApp and Telegram that contain cryptocurrency clipper functionality as part of a campaign since June 2024.
While using malware-laced apps to steal financial information is not a new phenomenon, the new findings from Russian antivirus vendor Doctor Web point to |
Mobile
|
|
★★★
|
 |
2025-04-11 13:43:00 |
SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps (direct link) |
Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote.
These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead.
"The threat actor utilized a |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-04-08 09:35:00 |
Google Releases Android Update to Patch Two Actively Exploited Vulnerabilities (direct link) |
Google has shipped patches for 62 vulnerabilities, two of which it said have been exploited in the wild.
The two high-severity vulnerabilities are listed below -
CVE-2024-53150 (CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure
CVE-2024-53197 (CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel |
Vulnerability
Mobile
|
|
★★★
|
 |
2025-04-03 13:04:00 |
Triada Malware Preloaded on Counterfeit Android Phones Infects 2,600+ Devices (direct link) |
Counterfeit versions of popular smartphone models that are sold at reduced prices have been found to be preloaded with a modified version of an Android malware called Triada.
"More than 2,600 users in different countries have encountered the new version of Triada, the majority in Russia," Kaspersky said in a report. The infections were recorded between March 13 and 27, 2025.
Triada is the |
Malware
Mobile
|
|
★★
|
 |
2025-04-02 12:22:00 |
FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites (direct link) |
The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems.
"This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-04-01 19:48:00 |
Lucid PhaaS Hits 169 Targets in 88 Countries Using iMessage and RCS Smishing (direct link) |
A new sophisticated phishing-as-a-service (PhaaS) platform called Lucid has targeted 169 entities in 88 countries using smishing messages propagated via Apple iMessage and Rich Communication Services (RCS) for Android.
Lucid's unique selling point lies in its weaponizing of legitimate communication platforms to sidestep traditional SMS-based detection mechanisms.
"Its scalable, |
Mobile
|
|
★★★
|
 |
2025-04-01 11:17:00 |
Apple Fined €150 Million by French Regulator Over Discriminatory ATT Consent Practices (direct link) |
Apple has been hit with a fine of €150 million ($162 million) by France's competition watchdog over the implementation of its App Tracking Transparency (ATT) privacy framework.
The Autorité de la concurrence said it's imposing a financial penalty against Apple for abusing its dominant position as a distributor of mobile applications for iOS and iPadOS devices between April 26, 2021 and July 25, |
Mobile
|
|
★★★
|
 |
2025-03-29 12:58:00 |
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials (direct link) |
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey.
"Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging," |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-03-28 13:36:00 |
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps (direct link) |
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps.
"PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis.
PJobRAT, first |
Malware
Mobile
|
|
★★★
|
 |
2025-03-27 18:01:00 |
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware (direct link) |
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country.
Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as |
Malware
Threat
Mobile
|
APT 36
|
★★★
|
 |
2025-03-25 14:40:00 |
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps (direct link) |
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users.
"These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said.
.NET |
Malware
Mobile
|
|
★★★
|
 |
2025-03-24 17:05:00 |
⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More (direct link) |
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects.
That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight. And over 300 Android apps joined the chaos, running ad |
Malware
Tool
Mobile
|
|
★★
|
 |
2025-03-18 15:31:00 |
BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse (direct link) |
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem.
This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in |
Threat
Mobile
|
Satori
|
★★★
|
 |
2025-03-14 20:22:00 |
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging (direct link) |
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms.
To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol |
Mobile
|
|
★★★
|
 |
2025-03-13 19:53:00 |
North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps (direct link) |
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users.
Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were.
" |
Malware
Tool
Threat
Mobile
|
APT 37
|
★★
|
 |
2025-03-05 18:50:00 |
Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud (direct link) |
Google has announced the rollout of artificial intelligence (AI)-powered scam detection features to secure Android device users and their personal information.
"These features specifically target conversational scams, which can often appear initially harmless before evolving into harmful situations," Google said. "And more phone calling scammers are using spoofing techniques to hide their real |
Mobile
|
|
★★★
|
 |
2025-03-04 09:37:00 |
Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities (direct link) |
Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild.
The two high-severity vulnerabilities are listed below -
CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," |
Vulnerability
Mobile
|
|
★★
|
 |
2025-03-03 17:28:00 |
⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (direct link) |
This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky |
Tool
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-03-03 10:47:00 |
Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries (direct link) |
Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d.
The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a |
Malware
Mobile
|
|
★★★
|
 |
2025-02-28 22:18:00 |
Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone (direct link) |
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International.
"The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite," the international non-governmental |
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-02-27 18:34:00 |
La nouvelle variante de Troie bancaire tgtoxique évolue avec des mises à niveau anti-analyse New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades (lien direct) |
Les chercheurs en cybersécurité ont découvert une version mise à jour d'un logiciel malveillant Android appelé Tgtoxic (aka toxicpanda), indiquant que les acteurs de la menace derrière lui apportent continuellement des modifications en réponse aux rapports publics.
"Les modifications observées dans les charges utiles tgtoxiques reflètent la surveillance continue des acteurs de l'intelligence open source et démontrent leur engagement à améliorer le
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting.
"The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-25 21:37:00 |
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile (direct link) |
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram.
LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in |
Mobile
|
|
★★★
|
 |
2025-02-18 18:30:00 |
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (direct link) |
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a "threat actor that uses fake |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-17 17:06:00 |
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations (direct link) |
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.
Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains |
Mobile
|
|
★★
|
 |
2025-02-15 15:56:00 |
Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls (direct link) |
Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt |
Mobile
|
|
★★
|
 |
2025-02-11 20:43:00 |
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (direct link) |
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for |
Spam
Malware
Mobile
|
|
★★★
|
 |
2025-02-07 20:28:00 |
DeepSeek App Transmits Sensitive User and Device Data Without Encryption (direct link) |
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks.
The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and |
Mobile
|
|
★★★
|
 |
2025-02-04 10:21:00 |
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (direct link) |
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.
Successful exploitation of the flaw could lead |
Vulnerability
Mobile
|
|
★★★
|
 |
2025-01-31 16:15:00 |
Google Bans 158,000 Malicious Android App Developer Accounts in 2024 (direct link) |
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps.
The tech giant also noted it prevented 1.3 million apps from getting excessive or unnecessary access to sensitive user data during the time period by working with |
Mobile
|
|
★★★
|
 |
2025-01-24 12:50:00 |
Android's New Identity Check Feature Locks Device Settings Outside Trusted Locations (direct link) |
Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations.
"When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you're outside of trusted locations," Google said in a post announcing the |
Mobile
|
|
★★★
|
 |
2025-01-23 15:54:00 |
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (direct link) |
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day.
The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system.
"Pre-authentication deserialization of untrusted data vulnerability has been identified in the |
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-01-20 20:23:00 |
DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection (direct link) |
The threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks.
The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma. The apps in question have been found to incorporate identical functions, barring minor modifications to the |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-01-10 15:17:00 |
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices (direct link) |
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution.
The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14.
"Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote |
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-01-06 16:40:00 |
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices (direct link) |
An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices.
"Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.io-hosted phishing site that impersonates RuStore – a popular app store in the Russian Federation," |
Malware
Mobile
|
|
★★★
|
 |
2025-01-03 11:13:00 |
Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy Violations (direct link) |
Apple has agreed to pay $95 million to settle a proposed class action lawsuit that accused the iPhone maker of invading users' privacy using its voice-activated Siri assistant.
The development was first reported by Reuters.
The settlement applies to U.S.-based individuals current or former owners or purchasers of a Siri-enabled device who had their confidential voice communications with the |
Mobile
|
|
★★★★
|
 |
2024-12-19 14:10:00 |
UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ App (direct link) |
The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed that a threat actor it tracks as UAC-0125 is leveraging Cloudflare Workers service to trick military personnel in the country into downloading malware disguised as Army+, a mobile app that was introduced by the Ministry of Defence back in August 2024 in an effort to make the armed forces go paperless.
Users who visit the |
Malware
Threat
Mobile
|
|
★★
|
 |
2024-12-12 19:05:00 |
Gamaredon Deploys Android Spyware "BoneSpy" and "PlainGnome" in Former Soviet States (direct link) |
The Russia-linked state-sponsored threat actor tracked as Gamaredon has been attributed to two new Android spyware tools called BoneSpy and PlainGnome, marking the first time the adversary has been discovered using mobile-only malware families in its attack campaigns.
"BoneSpy and PlainGnome target former Soviet states and focus on Russian-speaking victims," Lookout said in an analysis. "Both |
Malware
Tool
Threat
Mobile
|
|
★★★
|
 |
2024-12-11 16:32:00 |
Chinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017 (direct link) |
Cybersecurity researchers have discovered a novel surveillance program that's suspected to be used by Chinese police departments as a lawful intercept tool to gather a wide range of information from mobile devices.
The Android tool, codenamed EagleMsgSpy by Lookout, has been operational since at least 2017, with artifacts uploaded to the VirusTotal malware scanning platform as recently as |
Malware
Tool
Legislation
Mobile
|
|
★★★
|
 |
2024-12-10 19:43:00 |
Fake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing Scam (direct link) |
Cybersecurity researchers have shed light on a sophisticated mobile phishing (aka mishing) campaign that's designed to distribute an updated version of the Antidot banking trojan.
"The attackers presented themselves as recruiters, luring unsuspecting victims with job offers," Zimperium zLabs researcher Vishnu Pratapagiri said in a new report.
"As part of their fraudulent hiring process, the |
Mobile
|
|
★★★
|
 |
2024-12-06 21:45:00 |
FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine (direct link) |
A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year.
The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab.
"The spyware placed on his device allows the operator to track a target device's |
Mobile
|
|
★★★
|
 |
2024-12-05 21:28:00 |
This $3,000 Android Trojan Targeting Banks and Cryptocurrency Exchanges (direct link) |
As many as 77 banking institutions, cryptocurrency exchanges, and national organizations have become the target of a newly discovered Android remote access trojan (RAT) called DroidBot.
"DroidBot is a modern RAT that combines hidden VNC and overlay attack techniques with spyware-like capabilities, such as keylogging and user interface monitoring," Cleafy researchers Simone Mattia, Alessandro |
Mobile
|
|
★★★
|
 |
2024-12-05 18:13:00 |
Hackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus Backdoor (direct link) |
A previously undocumented threat activity cluster dubbed Earth Minotaur is leveraging the MOONSHINE exploit kit and an unreported Android-cum-Windows backdoor called DarkNimbus to facilitate long-term surveillance operations targeting Tibetans and Uyghurs.
"Earth Minotaur uses MOONSHINE to deliver the DarkNimbus backdoor to Android and Windows devices, targeting WeChat, and possibly making it a |
Threat
Mobile
|
|
★★★
|