Schneier on Security

JULY 24, 2025

Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you’ve never heard of. Developers no longer need to build and maintain extensive data storage systems, surveillance infrastructure, or analytics pipelines.

Architecture

Security Affairs

APRIL 17, 2025

Processing an audio stream in a maliciously crafted media file may result in code execution. However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. As usual, Apple has not shared technical details about the attacks.

Surveillance

Security Affairs

APRIL 5, 2025

Call metadata can enable real-time surveillance if misused. Recently, media reported that a China-linked cyber espionage group is targeting several telecom companies demonstrating that call data may be valuable to threat actors. The issue likely affected most Verizon Wireless users, as the service is often enabled by default.

Wireless

Security Affairs

JANUARY 29, 2025

The vulnerability is a privilege escalation vulnerability that impacts the Core Media framework. The Apple Core Media framework supports multimedia tasks like playback, recording, and manipulation of audio and video on iOS and macOS devices. A malicious application may be able to elevate privileges.

Spyware

Security Affairs

MARCH 13, 2025

North Korea-linked threat actor ScarCruft (aka APT37 , Reaper, and Group123) is behind a previously undetected Android surveillance tool namedKoSpythat was used to target Korean and English-speaking users. Cyber attacks conducted by the APT37 group mainly targeted government, defense, military,and media organizations in South Korea.

Spyware

Security Affairs

DECEMBER 4, 2024

The Salt Typhoon group targeted surveillance systems used by the US government to investigate crimes and threats to national security, including activities carried out by nation-state actors. “For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. This is not the case at T-Mobile.”

Telecommunications

Security Affairs

JUNE 12, 2025

RTSP is popular in professional surveillance for low-latency streaming. Excluding telecommunications, the technology sector has the most exposed cameras (28.4%), followed by media (19.6%), utilities (11.9%), business services (10.7%), and education (10.6%). To capture screenshots, they tested common RTSP URIs (e.g.,

Hacking

Security Affairs

NOVEMBER 28, 2024

“To clear up some misleading media reports, here is what we’re currently seeing, much of which we believe is different from what is being seen by other providers.” This is not the case at T-Mobile.” ” reads the report published by the telecommunications company. The investigation into the breaches of the U.S.

Mobile

Malwarebytes

APRIL 3, 2025

According to our friends at 404 Media , several users reported receiving information that came from another tracker, not their own. One woman who spoke to 404 Media could see the location address where the random children were, as well as their name and the last time the location was updated.

Mobile

Security Affairs

MARCH 19, 2025

The Meta-owned company linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024. There are no official reports about the spyware campaign, but media reports that threat actors may have used a specially crafted PDF file as bait.

Spyware

Zero Day

JUNE 17, 2025

"The company and its founder have worked with government spy agencies and surveillance industry contractors to surveil mobile phones and track user location," Bloomberg reported. In this instance, the messages passed through a controversial Swiss outfit named Fink Telecom Services.

Authentication

Security Affairs

APRIL 18, 2025

Processing an audio stream in a maliciously crafted media file may result in code execution. However, the limited, targeted nature of these attacks against iOS users suggests that commercial surveillance vendors or a nation-state actor likely exploited the flaws. As usual, Apple has not shared technical details about the attacks.

Authentication

Security Affairs

MARCH 3, 2025

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. reads the advisory.

Hacking

Security Boulevard

NOVEMBER 24, 2024

The conversation shifts to social media platforms Twitter, Blue […] The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Shared Security Podcast. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel.

Media

We Live Security

AUGUST 1, 2025

Rather than involving trench coats and secret missions, its now about silent cyberthreats that can turn phones into secret surveillance devices. In other words, todays battleground is in peoples pockets, as malicious tools pose as everyday apps and can, in extreme cases, compromise your devices even without you needing to do a thing.

Spyware

Security Affairs

OCTOBER 27, 2024

Roundcube mail server attacks exploit CVE-2024-37383 vulnerability “Hey ESET, Wait for the Leak”: Dissecting the “OctoberSeventh” Wiper targeting ESET customers in Israel Internet Archive breached again through stolen access tokens End-to-End Encrypted Cloud Storage in the Wild A Broken Ecosystem CVE-2024-44068: Samsung m2m1shot_scaler0 device driver (..)

Data breaches

Krebs on Security

NOVEMBER 5, 2024

404 Media reports that at a court hearing in Ontario this morning, Moucka called in from a prison phone and said he was seeking legal aid to hire an attorney. KrebsOnSecurity has learned that Moucka is currently named in multiple indictments issued by U.S. prosecutors and federal law enforcement agencies.

Cybercrime

Jane Frankland

JANUARY 12, 2025

Social engineering tactics such as phishing will not only remain prevalent but evolve as attackers leverage AI to craft highly personalised attacks (spear phishing and whaling) , mimicking a victim’s tone or referencing contextual details with alarming accuracy using data from social media, public records, and other sources.

Cybersecurity

SecureList

NOVEMBER 28, 2024

The attackers leveraged the VLC media player to deploy the FourteenHi backdoor after exploiting MS Exchange vulnerabilities. The second, an article published in 2024 by the Google Threat Analysis Group, described the business model of various companies that provide commercial surveillance solutions.

Malware

Security Affairs

FEBRUARY 9, 2025

What are the risks?

Spyware

We Live Security

AUGUST 8, 2025

Spyware designed to turn your phone into a secret surveillance device. which falsely claim your device is compromised with malware ) phishing links, either sent via email, text or social media messages Evasion techniques Adware developers also go to some lengths to evade detection by unsuspecting mobile users and security tools.

Adware

Zero Day

JUNE 22, 2025

In the headline for a  recent story published by Cybernews , the cybersecurity media outlet said that 16 billion passwords were exposed in a record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable. Take the latest report of a major breach. Sounds scary, right?

Passwords

eSecurity Planet

JUNE 25, 2025

Without spending anything, you can access rich media features, group chats, voice/video calls, and AI-powered tools like smart replies, all in one place. Key features E2EE on messages, calls, and media Minimal data collection. Briar Briar is built for when traditional networks fail, or surveillance is everywhere.

Encryption

Security Boulevard

MARCH 17, 2025

Surveillance Tech in the News This section covers surveillance technology and methods in the news. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.

Surveillance

BH Consulting

JANUARY 30, 2025

The Electronic Frontier Federation has a good explainer of the surveillance mechanism behind the world of online ads. The information included theloss of sensitive papers, encrypted devices, and unauthorised access to social media. Euractiv described the ruling as good news for advocates of the right to freedom of information.

Cyber Risk

eSecurity Planet

JUNE 25, 2025

Without spending anything, you can access rich media features, group chats, voice/video calls, and AI-powered tools like smart replies, all in one place. Key features E2EE on messages, calls, and media Minimal data collection. Briar Briar is built for when traditional networks fail, or surveillance is everywhere.

Encryption

SecureWorld News

JANUARY 9, 2025

Both Russia and China are spending millions of dollars every month fabricating information and then amplifying these false narratives deigned to sow division, create confusion, and stoke existing divisions, using social media platforms. That, in turn, will help us to better design defensive strategies and tactics to thwart future attacks.

Cybersecurity

SecureWorld News

MARCH 5, 2025

government has already imposed new restrictions on intrusion software, surveillance tools, and AI-driven security technologies, making it harder for companies to collaborate on global cybersecurity research. Beyond tariffs, export restrictions on cybersecurity tools and software are tightening. RELATED: AI Diffusion Rule to Protect U.S.

Cyber Risk

Zero Day

JUNE 20, 2025

In the headline for a  recent story published by Cybernews , the cybersecurity media outlet said that 16 billion passwords were exposed in a record-breaking data breach, opening access to Facebook, Google, Apple, and any other service imaginable. Take the latest report of a major breach. Sounds scary, right?

Passwords

Zero Day

JULY 29, 2025

Also, the country doesn't belong to the 5/9/14 Eyes Alliances, referring to countries that share surveillance data and intelligence on their citizens. Business entities in Panama aren't obligated to collect and store their customers' information. Most notably, it likes imposing itself over other applications.

VPN

Security Affairs

MARCH 2, 2025

Soldier Charged in AT&T Hack Searched Can Hacking Be Treason Group-IB contributes to joint operation of Royal Thai Police and Singapore Police Force leading to arrest of cybercriminal behind more than 90 data leaks worldwide UAC-0173 against the Notary Office of Ukraine (CERT-UA#13738) North Korea Responsible for $1.5

Cybercrime

Malwarebytes

JULY 29, 2025

But to access any single criminal or criminal suspect’s encrypted messages would require an entire reworking of the technology itself, opening up not just one person’s communications to surveillance, but everyone’s.

Encryption

Zero Day

JUNE 27, 2025

The team of developers behind the service say they're advocates of digital autonomy and freedom from surveillance, which may explain why the app offers so many protection features. IVPN is owned by IVPN Limited, with its CEO and founder Nicholas Pestell the majority stakeholder.

VPN

Security Affairs

JULY 29, 2025

The hacktivists claimed year-long access to Aeroflot’s network, stealing customer data, internal files, call recordings, surveillance footage, and communications. The Cyber-Partisans group has conducted numerous attacks on Belarusian state media over the past four years.

Social Engineering

Centraleyes

AUGUST 11, 2025

That state-first dynamic has only accelerated due to: High-profile data breaches Public concern over algorithmic influence The rise of AI, geolocation tracking, and surveillance advertising Privacy Laws Going Into Effect in 2025 These are the brand-new state privacy laws taking effect for the first time in 2025.

Data privacy

Security Affairs

DECEMBER 22, 2024

CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog ConnectOnCall data breach impacted over 900,000 individuals Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise (..)

Data breaches

Malwarebytes

JULY 29, 2025

But to access any single criminal or criminal suspect’s encrypted messages would require an entire reworking of the technology itself, opening up not just one person’s communications to surveillance, but everyone’s.

Encryption