Security Affairs

NOVEMBER 1, 2024

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024. The updated iOS version (7.9.0)

Spyware 98

Spyware Media Malware Hacking 98

Security Affairs

APRIL 8, 2025

In March 2025, WhatsApp addressed a zero-click, zero-day vulnerability exploited to install Paragons Graphite spyware on the devices of targeted individuals. WhatsApp blocked a spyware campaign by Paragon targeting journalists and civil society members after reports of the Citizen Lab group from the University of Toronto.

Spyware 117

Spyware Media Surveillance Hacking 117

Security Affairs

MARCH 13, 2025

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. Lookout researchers attributed the spyware to the ScarCruft group with medium confidence. The most recent samples detected by the cybersecurity firm are dated March 2024.

Spyware 80

Spyware Surveillance Encryption Malware 80

Security Affairs

JUNE 2, 2025

In October 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-43047 Qualcomm Multiple Chipsets Use-After-Free Vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. . “Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.”

Spyware 120

Spyware Hacking Cybersecurity Mobile 120

Malwarebytes

FEBRUARY 3, 2025

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users. WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other members of civil society were targets of a spyware campaign conducted by the Israeli spyware company.

Spyware 129

Spyware Accountability Encryption Government 129

Security Affairs

OCTOBER 22, 2024

Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. Samsung addressed the vulnerability with the release of security updates in October 2024 “A Use-After-Free in the mobile processor leads to privilege escalation.”

Firmware 145

Firmware Mobile Spyware Media 145

Security Affairs

NOVEMBER 16, 2024

” NSO Group continued using WhatsApp exploits, including spyware called “Erised,” even after being sued for violating anti-hacking laws. The legal action alleges that the Israeli surveillance firm tried to compromise approximately 1,400 individuals through WhatsApp hacking attempts. from April 29, 2018, to May 10, 2020).

Spyware 120

Spyware Surveillance Malware Hacking 120

Security Affairs

MARCH 3, 2025

Amnesty International first found traces of this Cellebrite USB exploit used in a separate case in mid-2024.” ” In 2024, the Security Lab provided evidence of a Cellebrite zero-day exploit chain to industry partners, leading Google to identify three vulnerabilities. .”

Hacking 69

Hacking Spyware Technology Surveillance 69

Security Affairs

FEBRUARY 15, 2025

However, the circumstance that the Citizen Lab researchers discovered the attack suggests that the threat actor may have used a zero-day exploit to deliver commercial spyware in highly targeted attacks. Such kinds of attacks often rely on zero-day exploits to target journalists, dissidents, and opposition politicians with spyware.

Spyware 109

Spyware DDOS Authentication Hacking 109

Security Affairs

JANUARY 27, 2025

Usually, such kinds of vulnerabilities are exploited by nation-state actors or commercial surveillance spyware vendors in targeted attacks. In 2024, Apple addressed six zero-day vulnerabilities in its products. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Spyware 121

Spyware Surveillance Media Hacking 121

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 110

Cryptocurrency Hacking Phishing Cyber Attacks 110

Security Affairs

DECEMBER 8, 2024

Now He Wants to Help You Escape, Too Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top U.S. officials urge Americans to use encrypted apps amid unprecedented cyberattack The Great Pokmon Go Spy Panic Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Artificial Intelligence 104

Artificial Intelligence Spyware Hacking Ransomware 104

Security Affairs

NOVEMBER 20, 2024

Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, macOS, visionOS, and Safari web browser, which are actively exploited in the wild. “Processing maliciously crafted web content may lead to a cross site scripting attack. ” reads the advisory.

Spyware 116

Spyware Hacking 116

Malwarebytes

APRIL 11, 2025

The US State Department reportedly plans to sign an international agreement designed to govern the use of commercial spyware known as the Pall Mall Pact. The Pall Mall Pact, formally known as the Pall Mall Process, was initiated by France and the United Kingdom in February 2024.

Spyware 101

Spyware Surveillance Government VPN 101

Security Affairs

DECEMBER 27, 2024

Palo Alto Networks addressed a high-severity flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), in PAN-OS software that could cause a denial-of-service (DoS) condition. reached the end of life (EOL) on November 17, 2024, for this reason, it will not provide a fix for this release. The company noted that PAN-OS 11.0

DNS 114

DNS Firewall Spyware Software 114

Security Affairs

AUGUST 7, 2024

A previously unknown Android Spyware, dubbed LianSpy, has been targeting Russian users since at least 2021. In March 2024, cybersecurity researchers from Kaspersky discovered previously unknown Android spyware dubbed LianSpy. This AES key is then encrypted using a hardcoded public RSA key embedded in the spyware.

Spyware 143

Spyware Malware Encryption Data collection 143

Security Affairs

NOVEMBER 17, 2024

CISA adds Palo Alto Networks Expedition bugs to its Known Exploited Vulnerabilities catalog Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices China-linked threat actors compromised multiple telecos and spied on a limited number of U.S.

Cryptocurrency 112

Cryptocurrency Malware Hacking Ransomware 112

Security Affairs

NOVEMBER 19, 2024

DEEPPOST is a post-exploitation data exfiltration tool used to send files to a remote system and LIGHTSPY is a modular spyware. Volexity reported this vulnerability to Fortinet on July 18, 2024, and Fortinet acknowledged the issue on July 24, 2024.” ” reads the advisory.

VPN 119

VPN Malware Spyware Authentication 119

Security Affairs

JULY 30, 2024

A new version of the Mandrake Android spyware has been found in five apps on Google Play, which have been downloaded over 32,000 times since 2022. Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024.

Spyware 128

Spyware Malware Mobile Marketing 128

Security Affairs

APRIL 16, 2025

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping.

Malware 130

Malware Manufacturing Mobile Spyware 130

Security Affairs

JUNE 15, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Supply chain attack hits Gluestack NPM packages with 960K weekly downloads Analysis of the latest Mirai wave exploiting TBK DVR devices with CVE-2024-3721 Destructive npm Packages Disguised as Utilities Enable Remote (..)

Malware 75

Malware Spyware Ransomware Hacking 75

Security Affairs

MAY 30, 2024

Researchers spotted a macOS version of the LightSpy surveillance framework that has been active in the wild since at least January 2024. Researchers from ThreatFabric discovered a macOS version of the LightSpy spyware that has been active in the wild since at least January 2024.

Spyware 138

Spyware Malware Surveillance Mobile 138

Security Affairs

FEBRUARY 2, 2025

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed Keys New TorNet backdoor seen in widespread campaign Active Exploitation: New Aquabot Variant Phones Home How we kept the Google Play & Android app ecosystems safe in 2024 Solana (..)

Malware 74

Malware Spyware Ransomware Hacking 74

Security Affairs

SEPTEMBER 22, 2023

Citizen Lab and Google’s TAG revealed that the three recently patched Apple zero-days were used to install Cytrox Predator spyware. citizenlab in coordination with @Google ’s TAG team found that former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s #Predator #spyware through links sent via SMS and WhatsApp.

Spyware 130

Spyware Surveillance Hacking Mobile 130

Security Affairs

JUNE 15, 2025

Palo Alto Networks fixed multiple privilege escalation flaws Unusual toolset used in recent Fog Ransomware attack A cyberattack on United Natural Foods caused bread shortages and bare shelves Apple confirmed that Messages app flaw was actively exploited in the wild Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer Paragon Graphite (..)

Spyware 62

Spyware Data breaches Cybercrime Hacking 62

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 75

Malware Spyware Government Ransomware 75

Security Affairs

JANUARY 19, 2025

CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems Russia-linked APT Star Blizzard targets WhatsApp accounts Prominent US law firm Wolf Haldenstein disclosed a data breach Clop Ransomware exploits Cleo File Transfer flaw: dozens (..)

Spyware 71

Spyware Data breaches DNS Artificial Intelligence 71

Security Affairs

FEBRUARY 26, 2024

Recently the leak of a collection of files apparently stolen from the Chinese government hacking contractor, I-Soon, exposed Chinese hacking capabilities. Recently someone has leaked on GitHub [ 1 , 2 ] a collection of files apparently stolen from the Chinese hacking firm, I-Soon.

Hacking 135

Hacking Government Spyware Marketing 135

Security Affairs

DECEMBER 8, 2024

SmokeLoader Attack Targets Companies in Taiwan LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux Horns&Hooves campaign delivers NetSupport RAT and BurnsRAT DroidBot: Insights from a new Turkish MaaS fraud operation RedLine, A License to Steal: The Rudometov Story & Operation Magnus Unveiling RevC2 and Venom Loader Ultralytics (..)

Malware 71

Malware Spyware Phishing Hacking 71

Security Affairs

JANUARY 5, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 67

Malware Spyware Ransomware Hacking 67

Security Affairs

FEBRUARY 15, 2025

CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs Hacking Attackers exploit a new zero-day to hijack Fortinet firewalls Security OpenSSL patched high-severity flaw CVE-2024-12797 Progress Software fixed multiple high-severity (..)

Spyware 71

Spyware Firewall Artificial Intelligence Malware 71

Security Affairs

NOVEMBER 22, 2024

The vulnerability CVE-2024-44309 is a cookie management issue in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content. The vulnerability CVE-2024-44308 impacts the JavaScriptCore and could lead to arbitrary code execution when processing malicious web content. reads the advisory.

Spyware 66

Spyware Hacking Cybersecurity Risk 66

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 129

Spyware Data breaches Hacking Ransomware 129

Security Affairs

FEBRUARY 9, 2025

Texas is the first state to ban DeepSeek on government devices Law enforcement seized the domains of HeartSender cybercrime marketplaces WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware Ransomware attack hit Indian multinational Tata Technologies International Press Newsletter Cybercrime FBI, Dutch Police Disrupt Manipulaters (..)

Spyware 62

Spyware Cybercrime Scams Social Engineering 62

Security Affairs

MARCH 16, 2025

CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog GitLab addressed critical auth bypass flaws in CE and EE North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities Meta warns of actively exploited (..)

Spyware 74

Spyware Cybercrime Ransomware IoT 74

Security Affairs

APRIL 3, 2024

Two issues fixed by the IT giant, tracked as CVE-2024-29745 and CVE-2024-29748, are actively exploited in the wild. ” reads the Android Security Bulletin—April 2024. ” reads the Android Security Bulletin—April 2024. Google addressed 28 vulnerabilities in Android and 25 flaws in Pixel devices.

Spyware 136

Spyware Firmware Hacking Information Security 136

Security Affairs

AUGUST 8, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added an Android Kernel Remote Code Execution flaw ( CVE-2024-36971 ) and an Apache OFBiz Path Traversal issue ( CVE-2024-32113 ) to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2024-32113 is a path traversal issue in the Apache OFBiz.

Spyware 130

Spyware Hacking Cybersecurity Risk 130