Government, Information Security and Surveillance

Poland probes Pegasus spyware abuse under the PiS government

Security Affairs

DECEMBER 3, 2024

Poland probes Pegasus spyware abuse under the PiS government; ex-security chief Piotr Pogonowski arrested to testify before parliament. The former head of Poland’s internal security service was arrested Monday and brought before parliament to testify about prior government use of spyware against hundreds of individuals.

Spyware

Spyware Government Surveillance Hacking

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Security Affairs

NOVEMBER 14, 2024

government officials. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures. The cyber spies stole information belonging to targeted individuals that was subject to U.S. broadband providers is still ongoing, government experts are assessing its scope.

Government

Government Telecommunications Surveillance Risk

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

DECEMBER 23, 2024

Court documents state that on October 29, 2019, plaintiffs filed this lawsuit, alleging that the defendants used WhatsApp to target approximately 1,400 mobile phones and devices to infect them with the surveillance software. ” reads the court document. ” The U.S. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Software Hacking

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

Security Affairs

DECEMBER 16, 2024

Researchers warn of previously undetected surveillance spyware, named NoviSpy, that was found infecting a Serbian journalist’s phone. Then he requested help from Amnesty Internationals Security Lab fearing to be the target of surveillance software like other journalists in Serbia. Development traces back to at least 2018.

Spyware

Spyware Surveillance Technology Mobile

The U.S. House banned WhatsApp on government devices due to security concerns

Security Affairs

JUNE 24, 2025

House banned WhatsApp on official devices over security concerns, citing risks flagged by the Chief Administrative Officer. House has banned WhatsApp on government devices due to data security concerns. Similar restrictions apply to AI tools like ChatGPT , ByteDance apps, and Microsoft Copilot. ” continues the email.

Government

Government Spyware Mobile Encryption

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Russian intelligence agencies could use these exploits for surveillance and espionage purposes. Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage.

Government

Government Surveillance Hacking Mobile

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Security Affairs

APRIL 29, 2025

The report published by GTIG highlights evolving attacker tactics, better vendor defenses, and growing challenges in detecting commercial surveillance activity. “This jumped to 44% in 2024, primarily fueled by the increased exploitation of security and networking software and appliances.”

Surveillance

Surveillance Mobile Software Hacking

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

Security Affairs

DECEMBER 4, 2024

The government agencies released a guide that advises telecom and critical infrastructure defenders on best practices to strengthen network security against PRC-linked and other cyber threats. telecoms, compromising networks to steal call records and access private communications, mainly of government and political figures.

Telecommunications

Telecommunications Government Mobile Cyber threats

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

Security Affairs

APRIL 8, 2025

The Meta-owned company linked the hacking campaign to Paragon , an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. Researchers linked Paragon to several IP addresses hosted at local telecoms, suggesting they belong to government customers.

Spyware

Spyware Surveillance Hacking Media

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Security Affairs

MARCH 20, 2025

The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust. The modular architecture of the malware allows to extend its functionalities for multiple malicious purposes, including surveillance, reconnaissance, information theft, DDoS attacks, and arbitrary code execution.

Computers and Electronics

Computers and Electronics Telecommunications Malware Surveillance

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Security Affairs

FEBRUARY 3, 2025

Ron Wyden warns of national security risks after Elon Musk s DOGE was given full access to sensitive Treasury systems. Ron Wyden warned of national security risks after Elon Musk s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system.

Risk

Risk Surveillance Cyber threats Marketing

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Security Affairs

NOVEMBER 16, 2024

Court filing revealed that NSO Group used WhatsApp exploits after the instant messaging firm sued the surveillance company. NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm. from April 29, 2018, to May 10, 2020).

Spyware

Spyware Surveillance Malware Hacking

Increased GDPR Enforcement Highlights the Need for Data Security

Security Affairs

NOVEMBER 18, 2024

government surveillance. Amazon: €746 Million ($781 Million), 2021 In 2021, Amazon received a hefty fine for failing to secure proper consent for advertising cookies. Continuous Monitoring : Keep track of your data flows and security measures to ensure compliance. After the invalidation of the EU-U.S.

Data privacy

Data privacy Risk Surveillance Government

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. Cyber attacks conducted by the APT37 group mainly targeted government, defense, military,and media organizations in South Korea.

Spyware

Spyware Surveillance Encryption Malware

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

Security Affairs

MARCH 19, 2025

The Meta-owned company linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. Researchers linked Paragon to several IP addresses hosted at local telecoms, suggesting they belong to government customers.

Spyware

Spyware Surveillance Hacking Media

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

Security Affairs

JANUARY 17, 2025

The privacy non-profit organization requested the immediate suspension of data transfers to China due to the risk that the government of Beijing could access data of EU citizens. Given that China is an authoritarian surveillance state, it is crystal clear that China doesnt offer the same level of data protection as the EU.

Surveillance

Surveillance Government Hacking Risk

Canada bans Hikvision over national security concerns

Security Affairs

JUNE 30, 2025

Canada bans Hikvision over national security concerns, ordering the company to stop operations and barring its tech from government use. Canada ordered Chinese surveillance firm Hikvision to cease all operations in the country, citing national security concerns. The government has determined that Hikvision Canada Inc.’s

Surveillance

Surveillance Government Manufacturing Technology

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

Security Affairs

MARCH 3, 2025

This decision reinforces Amnesty Internationals December findings that Serbian police and intelligence routinely misused Cellebrites digital forensic equipment outside legally sanctioned processes to target civil society activists and independent journalists critical of the government. added Donncha Cearbhaill.

Hacking

Hacking Spyware Technology Surveillance

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

APRIL 18, 2025

Security patches are available for the following devices: iPhone XS and later, iPad Pro 13-inch, iPad Pro 13.9-inch However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. ” states Check Point.

Authentication

Authentication Surveillance Passwords Media

Russia’s FSB used spyware against a Russian programmer

Security Affairs

DECEMBER 7, 2024

. “The spyware bears many similarities to the Monokle family of spyware, previously reported on by Lookout Mobile Security , which they attribute to the Special Technology Center, a contractor to the Russian government.” ” continues the report.

Spyware

Spyware Passwords Encryption Surveillance

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

FEBRUARY 9, 2025

What are the risks?

Spyware

Spyware Cybercrime Scams Social Engineering

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

Security Affairs

MARCH 11, 2025

Attackers exploit weak links in international data exchange systems to compromise critical infrastructure and access sensitive information. Geopolitical and Economic Risks Geopolitical tensions and economic disputes between nations also impact the security of cross-border data transfers.

Cybersecurity

Cybersecurity Encryption Artificial Intelligence Technology

The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey

Centraleyes

MAY 5, 2025

This guide offers a comprehensive, step-by-step breakdown of the process, providing the depth and clarity youre looking for to build a rock-solid Information Security Management System (ISMS). ISO 27001 is a globally recognized standard for managing information security. What is ISO 27001? Why is ISO 27001 Important?

Risk

Risk Information Security Firewall Education

Apple removes iCloud encryption in UK following backdoor demand

Security Affairs

FEBRUARY 22, 2025

Apple removed iClouds Advanced Data Protection in the UK after the government requested encryption backdoor access. Apple ends iCloud end-to-end encryption in the United Kingdom following the government’s request for encryption backdoor access. Advanced Data Protection is now unavailable for new UK users. said Sen. In 2022 U.K.

Encryption

Encryption Backups Government Surveillance

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime

Cybercrime Hacking Artificial Intelligence Ransomware

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MARCH 2, 2025

Spreads via Impersonation of Official Email to Target Users in Taiwan Belgian prosecutor probes alleged Chinese hacking of intelligence service Exclusive: Hegseth orders Cyber Command to stand down on Russia planning Cybersecurity Trump 2.0

Cybercrime

Cybercrime Hacking Ransomware Cryptocurrency

Security Affairs newsletter Round 525 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

MAY 25, 2025

local government networks U.S. Silent Ransom Group targeting law firms, the FBI warns Leader of Qakbot cybercrime network indicted in U.S. crackdown Operation RapTor led to the arrest of 270 dark web vendors and buyers Chinese threat actors exploited Trimble Cityworks flaw to breach U.S.

Data breaches

Data breaches Malware Cybercrime Ransomware

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

Security Affairs

JULY 21, 2025

The group’s victims are mainly in the telecommunications, government (IT services), and oil sectors. In January 2022, US Cyber Command (USCYBERCOM) officially linked the MuddyWater APT group to Iran’s Ministry of Intelligence and Security (MOIS). MuddyWater added features to steal WhatsApp data and scan files.

Spyware

Spyware Telecommunications Surveillance VPN

ISO 42001 Certification: Step-by-Step Guide to Achieve

Centraleyes

JULY 3, 2025

The standard introduces structured governance, risk assessments, and oversight. Developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), the standard sets out a structured framework to help organizations deploy and govern AI systems responsibly.

Government

Government Risk Accountability Artificial Intelligence

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Daniel Miessler

MARCH 22, 2020

Just yesterday I tweeted that the COVID-19 situation was going to finally make large-scale video surveillance endemic to our society. Governments and various industries have been trying to do this for a long time, but they’ve been opposed on the grounds of protecting freedom and privacy. The Real Internet of Things, January 2017.

Surveillance

Surveillance Government Education Engineering

Is the Belarusian government behind the surveillance Android app banned by Google?

Security Affairs

SEPTEMBER 3, 2020

Google has removed an app from the Play Store that was used by the Belarusian government to spy on anti-government protesters. Google has removed the app NEXTA LIVE ( com.moonfair.wlkm ) from the official Play Store because it was used by the Belarusian government to spy on anti-government protesters. site (89.223.89[.]47).”

Surveillance

Surveillance Government Advertising Malware

US NCSC and DoS share best practices against surveillance tools

Security Affairs

JANUARY 9, 2022

The US NCSC and the Department of State published joint guidance on defending against attacks using commercial surveillance tools. In the last years, we have reported several cases of companies selling commercial surveillance tools to governments and other entities that have used them for malicious purposes. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Malware

France’s government is giving the police more surveillance power

Security Affairs

JULY 9, 2023

The French government is going to grant law enforcement the power to spy on suspects through smartphones and other devices. “”We’re far away from the totalitarianism of 1984,” George Orwell’s novel about a society under total surveillance, Dupond-Moretti said.

Surveillance

Surveillance Government Spyware IoT

Speakers Censored at AISA Conference in Melbourne

Schneier on Security

OCTOBER 8, 2019

Two speakers were censored at the Australian Information Security Association's annual conference this week in Melbourne. Thomas Drake , former NSA employee and whistleblower, was scheduled to give a talk on the golden age of surveillance, both government and corporate. Both were put on the program months ago.

Government

Government Surveillance Technology Information Security

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

Security Affairs

AUGUST 6, 2022

Greek intelligence admitted it had spied on a journalist, while citizens ask the government to reveal the use of surveillance malware. The head of the Greek intelligence told a parliamentary committee that they had spied on a journalist with surveillance malware , Reuters reported citing two sources present. Pierluigi Paganini.

Surveillance

Surveillance Malware Spyware Government

UAE government denies using ToTok for mass surveillance

Security Affairs

DECEMBER 30, 2019

The United Arab Emirates denied reports that the popular mobile app ToTok was used as part of a government massive surveillance program. According to a report recently published by the New York Times , the popular app ToTok was used by the UAE government as a surveillance tool. SecurityAffairs – ToTok, surveillance).

Surveillance

Surveillance Government Telecommunications Advertising

German authorities raid the offices of the FinFisher surveillance firm

Security Affairs

OCTOBER 14, 2020

Earlier this month, German authorities have raided the offices of FinFisher, the German surveillance software firm, accused of providing its software to oppressive regimes. The post German authorities raid the offices of the FinFisher surveillance firm appeared first on Security Affairs. Pierluigi Paganini.

Surveillance

Surveillance Spyware Software Advertising

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Security Affairs

APRIL 8, 2020

In October 2019, WhatsApp sued the Israeli surveillance firm NSO Group accusing it of carrying out malicious attacks against its users. The researchers also spotted other attacks against a Mexican journalist who reported to the public a story of the corruption in the Mexican government. ”the court filing reads.

Surveillance

Surveillance Spyware Government Advertising

Pegasus Project – how governments use Pegasus spyware against journalists

Security Affairs

JULY 19, 2021

Pegasus Project investigation into the leak of 50,000 phone numbers of potential surveillance targets revealed the abuse of NSO Group’s spyware. Pegasus Project is the name of a large-scale investigation into the leak of 50,000 phone numbers of potential surveillance targets that revealed the abuse of NSO Group’s spyware.

Spyware

Spyware Government Surveillance Media

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Security Affairs

JUNE 24, 2022

Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with their spyware. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Surveillance

Surveillance Mobile Spyware Telecommunications

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Security Affairs

SEPTEMBER 16, 2024

The IT giant fears that the disclosures of its threat intelligence related to commercial spyware operations could aid NSO and other surveillance firms. “Apple’s teams work tirelessly to protect the critical threat-intelligence information that Apple uses to protect its users worldwide. ” reads the court filing.

Surveillance

Surveillance Spyware Risk Hacking

Expert found Russia’s SORM surveillance equipment leaking user data

Security Affairs

AUGUST 30, 2019

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. SORM is a mass surveillance system that allows the Government of Moscow to track online activities of single individuals thanks to the support of the Russian ISPs.

Surveillance

Surveillance Firmware Advertising Mobile

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

Security Affairs

MAY 20, 2019

Amnesty International filed a lawsuit against Israeli surveillance firm NSO and fears its staff may be targeted by the company with its Pegasus spyware. The name NSO Group made the headlines last week after the disclosure of the WhatsApp flaw exploited by the company to remotely install its surveillance software.

Surveillance

Surveillance Spyware Software Government

The US Gov is testing high-altitude balloons for surveillance

Security Affairs

AUGUST 4, 2019

The US government is testing high-altitude balloons manufactured by Sierra Nevada to conduct surveillance over American soil. The US government is planning to use high-altitude balloons to conduct surveillance over Americans. SecurityAffairs – high-altitude balloons, surveillance). ” states The Guardian.

Surveillance

Surveillance Manufacturing Advertising Government

Poland probes Pegasus spyware abuse under the PiS government

China-linked threat actors compromised multiple telecos and spied on a limited number of U.S. government officials

Trending Sources

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware

The U.S. House banned WhatsApp on government devices due to security concerns

Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks

WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

CERT-UA warns of cyber espionage against the Ukrainian defense industry using Dark Crystal RAT

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

NSO Group used WhatsApp exploits even after Meta-owned company sued it

Increased GDPR Enforcement Highlights the Need for Data Security

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

Canada bans Hikvision over national security concerns

Serbian student activist’s phone hacked using Cellebrite zero-day exploit

U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

Russia’s FSB used spyware against a Russian programmer

Security Affairs newsletter Round 510 by Pierluigi Paganini – INTERNATIONAL EDITION

Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies

The Ultimate ISO 27001 Checklist: Step-by-Step Guide to Simplify Your Compliance Journey

Apple removes iCloud encryption in UK following backdoor demand

Security Affairs newsletter Round 499 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 513 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 525 by Pierluigi Paganini – INTERNATIONAL EDITION

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

ISO 42001 Certification: Step-by-Step Guide to Achieve

Sickness Monitoring is the Opening Video Surveillance Has Been Waiting For

Is the Belarusian government behind the surveillance Android app banned by Google?

US NCSC and DoS share best practices against surveillance tools

France’s government is giving the police more surveillance power

Speakers Censored at AISA Conference in Melbourne

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports

UAE government denies using ToTok for mass surveillance

German authorities raid the offices of the FinFisher surveillance firm

NSO CEO claims Facebook wanted NSO surveillance tool to spy on users

Pegasus Project – how governments use Pegasus spyware against journalists

Google TAG argues surveillance firm RCS Labs was helped by ISPs to infect mobile users

Apple dismisses lawsuit against surveillance firm NSO Group due to risk of threat intelligence exposure

Expert found Russia’s SORM surveillance equipment leaking user data

Amnesty International filed a lawsuit against Israeli surveillance firm NSO

The US Gov is testing high-altitude balloons for surveillance

Stay Connected