Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-03-03 09:00:00 |
WeTube - A free app that bypasses YouTube and its ads (direct link) |
Fed up with intrusive ads ruining your YouTube sessions, and tired of having to keep your screen on to listen to your favorite playlists? Then let me introduce WeTube, an ad-free Android application that offers background playback and plenty of other features to make you forget Google's official app.
WeTube's first strong point is automatic ad blocking. No more putting up with those annoying interruptions in the middle of your favorite videos, because the application skips them automatically, whether for films, short series, news, podcasts or even sporting events. |
Mobile
|
|
★★★
|
 |
2025-03-03 06:33:08 |
The Register gets its claws on Huawei's bonkers tri-fold phone (direct link) |
It's well-built and surprisingly easy to handle but let down by Android. And stupidly expensive First Look Huawei's triple-fold Mate XT smartphone is a classy creation that's easy to handle even when fully extended, but disappoints because it's ridiculously expensive and the included Android variant struggles to keep pace with the machine's contortions.… |
Mobile
|
|
★★★
|
 |
2025-03-02 16:30:00 |
Honor's New AI Agent Can Read and Understand Your Screen (direct link) |
The Honor UI Agent, powered by Google's Gemini 2 model, gives a glimpse of artificial intelligence agents on Android. |
Mobile
|
|
★★★
|
 |
2025-03-01 13:30:00 |
Keep Your Old Android Phone Running Longer With LineageOS (direct link) |
Resist the urge to toss that old phone. Give it a second life by installing this open-source version of Android optimized for outdated hardware. |
Mobile
|
|
★★★
|
 |
2025-02-28 23:08:30 |
Android 0-day sold by Cellebrite exploited to hack Serbian student's phone (direct link) |
Android users who have installed Google's February patch batch should do so ASAP. |
Hack
Mobile
|
|
★★★
|
 |
2025-02-28 22:18:00 |
Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone (direct link) |
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International.
"The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite," the international non-governmental |
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-02-28 21:54:06 |
1.6 Million Android TVs Hacked & Infected By Vo1d Botnet Worldwide (direct link) |
Researchers at cybersecurity firm XLab have discovered that a new variant of the massive "Vo1d" botnet has infected more than 1.6 million Android TV devices across more than 200 countries and regions, rapidly expanding its reach.
This development raises serious concerns about the security of Internet of Things (IoT) devices and their potential exploitation in large-scale cyberattacks.
"Imagine sitting on your couch watching TV when suddenly the screen flickers, the remote stops working, and the program is replaced by scrambled code and strange commands. Your TV, as if hijacked by an invisible force, becomes a 'digital puppet'. This is not a real and growing threat. The Vo1d botnet is silently taking control of millions of Android TV devices worldwide," XLab researchers |
Malware
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-02-28 20:20:54 |
Amnesty Reveals Cellebrite Zero-Day Android Exploit on Serbian Student Activist (direct link) |
Amnesty International publishes technical details on zero-day vulnerabilities exploited by Cellebrite's mobile forensic tools to spy on a Serbian student activist.
|
Tool
Vulnerability
Threat
Mobile
Technical
|
|
★★★
|
 |
2025-02-28 14:13:19 |
Protect Your Devices: Mobile Phishing Attacks Bypass Desktop Security Measures (direct link) |
|
Mobile
|
|
★★★
|
 |
2025-02-28 12:30:00 |
Use Apple Invites to Organize Your Next Event (direct link) |
Apple's new event planning app lets you gather friends and family in one place, even if they're on Android. |
Mobile
|
|
★★★
|
 |
2025-02-28 11:27:18 |
Serbian police used Cellebrite zero-day hack to unlock Android phones (direct link) |
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. [...] |
Hack
Vulnerability
Threat
Legislation
Mobile
|
|
★★★
|
 |
2025-02-28 11:23:23 |
Vo1d Botnet Evolves as It Ensnares 1.6 Million Android TV Boxes (direct link) |
The Vo1d botnet is now powered by 1.6 million Android TV devices, up from 1.3 million half a year ago.
|
Mobile
|
|
★★
|
 |
2025-02-28 10:00:00 |
Threat Report H2 2024: Infostealer shakeup, new attack vector for mobile, and Nomani (direct link) |
Big shifts in the infostealer scene, novel attack vector against iOS and Android, and a massive surge in investment scams on social media |
Threat
Mobile
|
|
★★★
|
 |
2025-02-27 18:34:00 |
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades (direct link) |
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting.
"The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-27 17:49:12 |
Vo1d malware botnet grows to 1.6 million Android TVs worldwide (direct link) |
A new variant of the Vo1d malware botnet has grown to 1,590,299 infected Android TV devices across 226 countries, recruiting devices as part of anonymous proxy server networks. [...] |
Malware
Mobile
|
|
★★★
|
 |
2025-02-27 13:36:47 |
D@S #56: Building Security for Rabbit's AI-powered Hardware (direct link) |
Matthew Domko explains how his team tackles securing a consumer AI device that can take real-world actions, requiring expertise across hardware, Android, and cloud security. |
Mobile
Cloud
|
|
★★★
|
 |
2025-02-26 18:57:33 |
Qualcomm pledges 8 years of security updates for Android kit using its chips (YMMV) (direct link) |
Starting with Snapdragon 8 Elite and 'droid 15 It seems manufacturers are finally getting the message that people want to use their kit for longer without security issues, as Qualcomm has said it'll provide Android software updates, including vulnerability fixes, for its latest chipsets for eight years instead of four.… |
Vulnerability
Mobile
|
|
★★★
|
 |
2025-02-26 12:21:12 |
Serbia: Cellebrite halts product use in Serbia following Amnesty surveillance report (direct link) |
Responding to Cellebrite's announcement that it will stop the use of its digital forensic equipment for some of their customers in Serbia, following Amnesty International's report on the misuse of spyware and mobile forensic products by Serbian authorities to unlawfully target activists and journalists, Donncha Ó Cearbhaill, Head of the Security Lab at Amnesty International, […]
|
Mobile
|
|
★★★
|
 |
2025-02-26 11:20:00 |
Qualcomm Extends Security Support for Android Devices to 8 Years (direct link) |
Qualcomm says it's working with Google to ensure that Android device manufacturers will be able to provide security updates for 8 years.
|
Mobile
|
|
★★★
|
 |
2025-02-26 11:01:10 |
Murena kicks Google out of the Pixel Tablet (direct link) |
Privacy-centric Android makes more sense on this form factor than a phone We had a play with Murena's first tablet, a Google Pixel running /e/OS, its in-house de-Googled Android 13 with additional privacy features.… |
Mobile
|
|
★★★
|
 |
2025-02-26 07:39:18 |
OpenAI's GPT 4.5 spotted in Android beta, launch imminent (direct link) |
OpenAI's newest model, GPT-4.5, is coming sooner than we expected. A new reference has been spotted on ChatGPT's Android app that points to a model called "GPT-4.5 research preview," but it looks like it will initially be limited to those with a Pro subscription. [...] |
Mobile
|
ChatGPT
|
★★★
|
 |
2025-02-25 21:37:00 |
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile (direct link) |
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram.
LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in |
Mobile
|
|
★★★
|
 |
2025-02-25 17:28:55 |
Qualcomm and Google team up to offer 8 years of Android updates (direct link) |
Starting with the Snapdragon 8 Elite, Qualcomm enables up to eight years of update support. |
Mobile
|
|
★★★
|
 |
2025-02-25 15:04:10 |
Securing tomorrow's software: the need for memory safety standards (direct link) |
Posted by Alex Rebert, Security Foundations, Ben Laurie, Research, Murali Vijayaraghavan, Research and Alex Richardson, Silicon
For decades, memory safety vulnerabilities have been at the center of various security incidents across the industry, eroding trust in technology and costing billions. Traditional approaches, like code auditing, fuzzing, and exploit mitigations – while helpful – haven't been enough to stem the tide, while incurring an increasingly high cost.
In this blog post, we are calling for a fundamental shift: a collective commitment to finally eliminate this class of vulnerabilities, anchored on secure-by-design practices – not just for ourselves but for the generations that follow.
The shift we are calling for is reinforced by a recent ACM article calling to standardize memory safety we took part in releasing with academic and industry partners. It's a recognition that the lack of memory safety is no longer a niche technical problem but a societal one, impacting everything from national security to personal privacy.
The standardization opportunity
Over the past decade, a confluence of secure-by-design advancements has matured to the point of practical, widespread deployment. This includes memory-safe languages, now including high-performance ones such as Rust, as well as safer language subsets like Safe Buffers for C++. These tools are already proving effective. In Android for example, the increasing adoption of memory-safe languages like Kotlin and Rust in new code has driven a significant reduction in vulnerabilities.
Looking forward, we're also seeing exciting and promising developments in hardware. Technologies like ARM's Memory Tagging Extension (MTE) and the |
Tool
Vulnerability
Threat
Mobile
Technical
|
|
★★
|
 |
2025-02-25 12:43:03 |
London is bottom in Europe for 5G, while Europe lags the rest of the world (direct link) |
Plus: Fandroid alert – Android devices sometimes say '5G' when connecting to 4G London is bottom of the table when it comes to 5G mobile service, according to a report gauging major European cities on the overall quality of user experience. And, Europe itself lags behind other regions in 5G SA deployment.… |
Mobile
|
|
★★
|
 |
2025-02-24 16:43:29 |
Exo - Create an AI super cluster with all the devices lying around your home (direct link) |
You dream of running the biggest AI models on your computer but, like me, you don't have the budget to rent a datacenter… Which is a real shame.
So what if I told you there's a solution for turning your existing machines into a distributed AI cluster, thanks to Exo, a free-software project that lets you connect all your devices to pool their computing power.
With Exo, you'll be able to cluster your MacBook, your iPhone, your Android tablet and even your Raspberry Pi to spread the load and run the heftiest open source AI models such as LLaMA, Mistral or Qwen. |
Mobile
|
|
★★★
|
 |
2025-02-24 14:00:00 |
Phishing Campaigns Targeting Higher Education Institutions (direct link) |
Written by: Ashley Pearson, Ryan Rath, Gabriel Simches, Brian Timberlake, Ryan Magaw, Jessica Wilbur
Overview
Beginning in August 2024, Mandiant observed a notable increase in phishing attacks targeting the education industry, specifically U.S.-based universities. A separate investigation conducted by the Google's Workspace Trust and Safety team identified a long-term campaign spanning from at least October 2022, with a noticeable pattern of shared filenames, targeting thousands of educational institution users per month.
These attacks exploit trust within academic institutions to deceive students, faculty, and staff, and have been timed to coincide with key dates in the academic calendar. The beginning of the school year, with its influx of new and returning students combined with a barrage of administrative tasks, as well as financial aid deadlines, can create opportunities for attackers to carry out phishing attacks. In these investigations, three distinct campaigns have emerged, attempting to take advantage of these factors.
In one campaign, attackers leveraged phishing campaigns utilizing compromised educational institutions to host Google Forms. At this time, Mandiant has observed at least 15 universities targeted in these phishing campaigns. In this case, the malicious forms were reported and subsequently removed. As such, at this time none of the phishing forms identified are currently active. Another campaign involved scraping university login pages and re-hosting them on the attacker-controlled infrastructure. Both campaigns exhibited tactics to obfuscate malicious activity while increasing their perceived legitimacy, ultimately to perform payment redirection attacks. These phishing methods employ various tactics to trick victims into revealing login credentials and financial information, including requests for school portal login verification, financial aid disbursement, refund verification, account deactivation, and urgent responses to campus medical inquiries.
Google takes steps to protect users from misuse of its products, and create an overall positive experience. However, awareness and education play a big role in staying secure online. To better protect yourself and others, be sure to report abuse.
Case Study 1: Google Forms Phishing Campaign
The first observed campaign involved a two-pronged phishing campaign. Attackers distributed phishing emails that contained a link to a malicious Google Form. These emails and their respective forms were designed to mimic legitimate university communications, but requested sensitive information, including login credentials and financial details.
|
Spam
Malware
Tool
Vulnerability
Threat
Studies
Legislation
Mobile
Medical
|
|
★★★
|
 |
2025-02-24 12:37:06 |
Hardware Crypto Wallets vs. Mobile vs. Desktop: Which Should You Choose? (direct link) |
Crypto wallets are essential in keeping your cryptocurrency safe. There are different types of wallets available and choosing… |
Mobile
|
|
★★★
|
 |
2025-02-21 13:45:23 |
SpyLend Android malware downloaded 100,000 times from Google Play (direct link) |
An Android malware app called SpyLend has been downloaded over 100,000 times from Google Play, where it masqueraded as a financial tool but became a predatory loan app for those in India. [...] |
Malware
Tool
Mobile
|
|
★★
|
 |
2025-02-20 18:17:08 |
New FrigidStealer Malware Infects macOS via Fake Browser Updates (direct link) |
Fake browser update scams now target Mac, Windows, and Android users, delivering malware like FrigidStealer, Lumma Stealer, and… |
Malware
Mobile
|
|
★★
|
 |
2025-02-20 17:35:47 |
Amazon remembers it has an Android app store, kills it (direct link) |
Fire tablets and Fire TV devices will still have access to apps, though. |
Mobile
|
|
★★★
|
 |
2025-02-20 14:30:00 |
Mobile Phishing Attacks Surge with 16% of Incidents in US (direct link) |
Mobile phishing attacks surged in 2024, with 16% of all incidents occurring in the US, according to a new Zimperium report |
Mobile
|
|
★★★
|
 |
2025-02-20 13:21:16 |
(Déjà vu) Russia-Linked Actors Exploiting Signal Messenger's “Linked Devices” Feature for Espionage in Ukraine (direct link) |
Overview
Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.
The tactics observed in this campaign include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.
Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts
Exploiting Signal's "Linked Devices" Feature
Russia-aligned threat actors have manipulated Signal's legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim's account, enabling real-time message interception without full device compromise.
The phishing methods used to deliver these malicious QR codes include:
Fake Signal group invites containing altered JavaScript redirects.
Phishing pages masquerading as Ukrainian military applications.
|
Malware
Tool
Vulnerability
Threat
Mobile
Cloud
Conference
|
APT 44
|
★★
|
 |
2025-02-19 14:05:12 |
Pegasus spyware infections found on several private sector phones (direct link) |
Mobile security company iVerify says that it discovered about a dozen new infections of the powerful Pegasus spyware on phones mostly used by people in private industry. |
Mobile
|
|
★★★
|
 |
2025-02-19 14:00:00 |
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger (direct link) |
Written by: Dan Black
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia's intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia's re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.
Signal's popularity among common targets of surveillance and espionage activity (such as military personnel, politicians, journalists, activists, and other at-risk communities) has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats.
We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features.
Phishing Campaigns Abusing Signal's "Linked Devices" Feature
The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate "linked devices" feature that enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real-time, providing a persistent means to eavesdrop on the victim's secure conversations without the need for full-device compromise.
|
Malware
Threat
Mobile
Cloud
Commercial
|
APT 44
|
★★
|
 |
2025-02-18 18:37:26 |
How Phished Data Turns into Apple & Google Wallets (direct link) |
Carding -- the underground business of stealing, selling and swiping stolen payment card data -- has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores. |
Mobile
|
|
★★★
|
 |
2025-02-18 18:30:00 |
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (direct link) |
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, with the information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a "threat actor that uses fake |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-18 11:14:41 |
Phishing Beyond Email: How Proofpoint Collab Protection Secures Messaging and Collaboration Apps (lien direct) |
Today's organizations are embracing messaging and collaboration tools to enhance productivity and connect distributed teams like never before. Just as quickly, cybercriminals are adapting and learning to exploit these new entry points. Instead of just email-based threats, bad actors are now targeting these platforms with attacks like phishing, malware and account takeovers.
To stay ahead of evolving threats, organizations need to protect their messaging and collaboration platforms with the same level of detection efficacy that they use for email. That's where Proofpoint Collab Protection can help.
The new cyber battleground: messaging and collaboration platforms
It might surprise you to learn that collaboration and messaging platforms don't have native security capabilities. So, they're unable to inspect or detect malicious URLs or block phishing attacks. In other words, your people and business are at risk if they use any of these platforms:
Messaging, like Messenger, WhatsApp, Snapchat
Collaboration, like Microsoft Teams, Slack, Zoom
Social media, like LinkedIn, Instagram, Facebook, Twitter/X
Cybercriminals exploit this opportunity by using these platforms as launchpads to send a variety of threats. Unfortunately, employees fall prey to these attacks for several reasons.
For starters, employees tend to trust internal collaboration tools more than email because they assume that messages are being sent by verified colleagues. Attackers exploit this trust. Take Microsoft Teams as an example. Bad actors might use Teams to impersonate an executive to direct an employee to use a fraudulent invoice payment portal.
Another issue is that, unlike email, messaging apps also encourage instant responses. Attackers use this to create a sense of urgency, pressuring victims into acting without verifying links or requests. They might ask employees to send payments, share their credentials or click a malicious URL. For example, a threat actor could use Messenger to impersonate the HR department, telling an employee to update their banking information immediately to avoid missing the next pay cycle.
How cybercriminals weaponize messaging and collaboration tools
Here's what the typical attack chain looks like for messaging or collaboration apps:
Stages in the attack chain for messaging and collaboration apps.
The most prevalent method for delivering payloads is malicious URLs. In the past three years, Proofpoint Threat Research has observed an alarming 2,524% increase in URL threats through SMS-based phishing (smishing). Compare that to threats delivered by email, which went up by only 119%.
With more exposure to risk, companies are more vulnerable to cyberattacks. And the consequences of those attacks can be severe. In 2024, the average cost of a single attack reached $4.88 million, according to the IBM Cost of a Data Breach Report.
Closing the gaps: how to secure your messaging and collaboration ecosystem
Proofpoint Collab Protection extends phishing protection against malicious URLs delivered via any messaging, collaboration or social media platforms. Powered by our industry-leading Nexus Threat Intel, it provides real-time URL reputation inspection and analysis as well as the ability to block malicious URLs at click-time. As attackers' tactics evolve, Collab Protection will use more parts of the Nexus detection ensemble over time. This will ensure that your users are protected anywhere, anytime from advanced phishing attacks.
Protect people from malicious URLs
Collab Protection is powered by our industry-leading threat intelligence. It inspects and analyzes the reputation of URLs in real-time, and it can block malicious URLs at click-time.
Here's how it works. When an employee clicks on a suspicious link that's shared in a messaging or collaboration app, Collab Protection automatically evaluates how safe the link is. It does |
Data Breach
Malware
Tool
Threat
Mobile
|
|
★★★
|
 |
2025-02-18 10:08:47 |
Appdome announced it is extending its Account Takeover Protection suite (lien direct) |
Appdome Stops AI-Deep Fakes at the Mobile Doorstep
Unveils 30 Groundbreaking Deep Fake Detection Plugins to
Strengthen ATO Protection inside Android & iOS Apps
-
Product Reviews |
Mobile
|
|
★★★
|
 |
2025-02-18 08:18:48 |
An Update on Fake Updates: Two New Actors, and New Mac Malware (lien direct) |
Key findings
Proofpoint identified and named two new cybercriminal threat actors operating components of web inject campaigns, TA2726 and TA2727.
Proofpoint identified a new MacOS malware delivered via web inject campaigns that our researchers called FrigidStealer.
The web inject campaign landscape is increasing, with a variety of copycat threat actors conducting similar campaigns, which can make it difficult for analysts to track.
Overview
The malicious website injects threat landscape is incredibly dynamic with multiple threat actors leveraging this malware delivery method. Typically, an attack chain will consist of three parts: the malicious injects served to website visitors, which are often malicious JavaScript scripts; a traffic distribution service (TDS) responsible for determining what user gets which payload based on a variety of filtering options; and the ultimate payload that is downloaded by the script. Sometimes each part of the attack chain is managed by the same threat actor, but frequently the different parts of the chain may be managed by different threat actors.
Historically, TA569 was the main distributor of web inject campaigns, with its SocGholish injects leading to malware installation and follow-on ransomware attacks. This actor became almost synonymous with “fake updates” within the security community. But beginning in 2023, multiple copycats emerged using the same web inject and traffic redirection techniques to deliver malware. The influx of multiple actors – some of which collaborate with each other – paired with the fact that websites can be compromised by multiple injects at one time, makes it difficult to distinctly track and categorize threat actors conducting these attacks. Proofpoint is publishing this report to help delineate two distinct sets of activity.
Proofpoint researchers recently designated two new threat actors, TA2726 and TA2727. These are traffic sellers and malware distributors and have been observed in multiple web-based attack chains like compromised website campaigns, including those using fake update themed lures. They are not email-based threat actors, and the activity observed in email campaign data is related to legitimate, but compromised websites.
Notably, TA2727 was recently observed delivering a new information stealer for Mac computers alongside malware for Windows and Android hosts. Proofpoint researchers dubbed this FrigidStealer.
Proofpoint is reassessing existing activity related to TA569 and previous reporting, and assesses with high confidence TA2726 acts as a traffic distribution service (TDS) for TA569 and TA2727.
Definitions
SocGholish: Specific inject used by TA569 that will present as a fake update to the visitor.
Gholoader: The JavaScript-based loader that is served by SocGholish that can lead to follow-on malware installation.
TDS: Traffic distribution system (TDS) (also sometimes known as a traffic delivery system) is a service for tracking and directing users to content on different websites. There are legitimate TDS services, but threat actors use and abuse them to direct people to malicious or compromised websites.
Keitaro: A legitimate TDS that is regularly abused by threat actors, operated by a company of the same name.
Web injects: Malicious code injected into a legitimate website by a threat actor. Injects can lead to data theft or malware installation, depending on actor objectives.
Fake updates: Social engineering lures presented to a user that claim their browser needs to be updated. This lure theme is used by multiple different threat actors.
TA569: The threat actor associated with the SocGholish inject and Gholoader malware, uses fake update themed lures. The actor can either inject their own code directly on compromised websites or use a TDS like TA2726 to serve their inject.
|
Ransomware
Malware
Tool
Threat
Mobile
|
|
★★★
|
 |
2025-02-17 17:06:00 |
South Korea Suspends DeepSeek AI Downloads Over Privacy Violations (lien direct) |
South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations.
Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement. The web service remains |
Mobile
|
|
★★
|
 |
2025-02-17 15:34:05 |
AI Action Summit: a look back at ANSSI's work (lien direct) |
AI Action Summit: a look back at ANSSI's work
anssiadm
Mon 17/02/2025 - 15:34
As part of the AI Action Summit, held in Paris from 6 to 11 February 2025, ANSSI led the cybersecurity work carried out in recent months under the "Trusted AI" track. This was an opportunity to promote its approach, which favours better consideration of cyber risks in order to build trust in AI.
ANSSI organised a cyber crisis exercise during the AI Summit
ANSSI's expertise in support of a better understanding of the cyber risks of AI
As the national authority for cyber defence and cybersecurity, ANSSI worked on identifying and properly understanding the cyber risks of artificial intelligence systems (SIA), in collaboration with its national and international partners, who also gathered in Paris for the AI Action Summit.
Information systems that pose new challenges for cybersecurity
In the work it has carried out, ANSSI first stresses that systems incorporating AI (SIA) remain fundamentally software systems, subject in any case to the same vulnerabilities as more conventional systems, such as the hijacking of user or administr |
Mobile
|
|
★★
|
 |
2025-02-15 15:56:00 |
Android's New Feature Blocks Fraudsters from Sideloading Apps During Calls (lien direct) |
Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress.
Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. The development was first reported by Android Authority.
Users who attempt |
Mobile
|
|
★★
|
 |
2025-02-12 20:00:56 |
Apple TV+ crosses enemy lines, will be available as an Android app starting today (lien direct) |
Apple TV+ app on Android will work mostly as it does on any other device. |
Mobile
|
|
★★★
|
 |
2025-02-12 14:00:00 |
So You Think That Popular App is Safe? Think Again! (lien direct) |
Our security research team looked at the top 50 apps from iOS App store and Android Play Store and identified one app from each category that exhibited a high security or privacy vulnerability score.
|
Vulnerability
Mobile
|
|
★★★
|
 |
2025-02-12 10:31:36 |
BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites (lien direct) |
Key Takeaways
BTMOB RAT is an advanced Android malware evolved from SpySolr that features remote control, credential theft, and data exfiltration.
It spreads via phishing sites impersonating streaming services like iNat TV and fake mining platforms.
The malware abuses Android's Accessibility Service to unlock devices, log keystrokes, and automate credential theft through injections.
It uses WebSocket-based C&C communication for real-time command execution and data theft.
BTMOB RAT supports various malicious actions, including live screen sharing, file management, audio recording, and web injections.
The Threat Actor (TA) actively markets the malware on Telegram, offering paid licenses and continuous updates, making it an evolving and persistent threat.
Overview
On January 31, 2025, Cyble Research and Intelligence Labs (CRIL) identified a sample lnat-tv-pro.apk (13341c5171c34d846f6d0859e8c45d8a898eb332da41ab62bcae7519368d2248) being distributed via a phishing site “hxxps://tvipguncelpro[.]com/” impersonating iNat TV - online streaming platform from Turkey posing a serious threat to unsuspecting users.
Figure 1 – Phishing site distributing this ma |
Malware
Tool
Threat
Mobile
|
|
★★★
|
 |
2025-02-11 20:43:00 |
Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (lien direct) |
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content.
"Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for |
Spam
Malware
Mobile
|
|
★★★
|
 |
2025-02-11 20:40:58 |
Apple Patches Critical iOS Zero-Day CVE-2025-24200 (lien direct) |
On Monday, Apple rolled out emergency security updates to fix a critical zero-day vulnerability in iOS and iPadOS that was actively exploited in an extremely sophisticated attack.
The high zero-day vulnerability, identified as CVE-2025-24200, is an authorization issue in Apple’s iOS and iPadOS that could allow a physical attacker to disable USB Restricted Mode on a locked device.
In other words, this vulnerability could enable a sophisticated physical attack to bypass USB Restricted Mode on a locked iOS or iPadOS device.
For those unaware, Apple’s USB Restricted Mode is a security feature introduced in iOS 11.4.1 to prevent unauthorized access to an iPhone or iPad via USB accessories.
When enabled, this mode prevents USB accessories that plug into the Lightning port from making data connections with the device if it has not been unlocked within the past hour.
This prevents hacking tools that connect via the Lightning port from bypassing passcodes and encryption.
Meanwhile, Apple has acknowledged the issue and fixed the vulnerability with improved state management.
“A physical attack may disable USB Restricted Mode on a locked device. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals,” the company wrote in the advisories [(1),(2)] published on Monday.
The Cupertino giant has credited security researcher Bill Marczak of The Citizen Lab at The University of Toronto's Munk School for discovering and reporting the vulnerability to Apple.
The CVE-2025-24200 vulnerability affected a broad range of Apple devices, including:
iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later
iPad Pro 12.9-inch 2nd generation, iPad Pro 10.5-inch, and iPad 6th generation
Apple has resolved the vulnerability above by releasing software updates - iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 - with improved memory management.
While Apple has not provided any information on how the above vulnerability was exploited, it has strongly urged its iOS and iPadOS users to immediately update their devices to the latest versions to mitigate potential security threats.
Further, enable automatic updates to ensure you receive future patches on your devices without delay.
Avoid clicking on suspicious links and only download apps from trusted sources to reduce the risk of vulnerabilities.
For software updates on iPhone or iPad, go to Settings > General > Software Update > Check for the update and install. |
Tool
Vulnerability
Threat
Mobile
|
|
★★★
|
 |
2025-02-11 12:46:32 |
Cyber Security Agency of Singapore Alerts Users on Active Exploitation of Zero-Day Vulnerability in Apple Products (lien direct) |
Overview
The Cyber Security Agency of Singapore (CSA) has recently issued a warning regarding the active exploitation of a zero-day vulnerability (CVE-2025-24200) in a range of Apple products. This critical vulnerability is being actively targeted, and Apple has released timely security updates to address the issue. If exploited, the vulnerability could allow attackers to bypass certain security features and gain unauthorized access to sensitive data through USB connections.
The vulnerability, identified as CVE-2025-24200, affects various Apple devices, including iPhones and iPads. Specifically, the issue lies in the USB Restricted Mode, a security feature designed to prevent unauthorized access to a device's data when it is locked. A successful attack could disable this mode, allowing an unauthenticated attacker to access the device's data via a USB connection, even if the device is locked.
This flaw has been dubbed a "zero-day vulnerability," as it was discovered and actively exploited before a patch or security fix was made available. Apple has moved quickly to resolve the issue with new security updates released on February 10, 2025.
Affected Apple Products
|
Vulnerability
Threat
Mobile
|
|
★★★★
|
 |
2025-02-10 02:30:15 |
DeepSeek's iOS app is a security nightmare, and that's before you consider its TikTok links (lien direct) |
PLUS: Spanish cops think they've bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Infosec In Brief DeepSeek's iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app infosec platform vendor NowSecure.… |
Data Breach
Mobile
|
|
★★★
|