Penetration Testing

JUNE 9, 2025

Seqrite Labs uncovers Operation DRAGONCLONE, a sophisticated APT campaign targeting China Mobile Tietong with VELETRIX and VShell malware.

Mobile 94

Mobile Malware Cybersecurity 94

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker ­ and not its government customers ­ is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government 317

Government Spyware Mobile Hacking 317

Krebs on Security

JANUARY 16, 2025

Those who fall for the scam are asked to provide payment card data, and eventually will be asked to supply a one-time password sent via SMS or a mobile authentication app. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

Phishing 301

Phishing Scams Mobile Authentication 301

Krebs on Security

APRIL 10, 2025

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. If the visitor supplies that one-time code, their payment card is then added to a new mobile wallet on an Apple or Google device that is physically controlled by the phishers.

Banking 246

Banking Phishing Mobile Retail 246

Krebs on Security

MARCH 21, 2025

states last week independently announced arrests of Chinese nationals accused of perpetrating a novel form of tap-to-pay fraud using mobile devices. If you own a mobile phone, the chances are excellent that at some point in the past two years it has received at least one phishing message that spoofs the U.S. Image: WLVT-8.

Phishing 225

Phishing Mobile Scams Banking 225

Malwarebytes

JUNE 10, 2025

Confusingly, even legitimate businesses now lean on outreach tactics that have long been favored by online scammers—asking people to scan QR codes, download mobile apps, and trade direct messages with, essentially, strangers. READ THE REPORT Here are some of the key findings: 77% of people worry about mobile scams and threats.

Scams 90

Scams Mobile Identity Theft Social Engineering 90

Schneier on Security

MAY 28, 2025

Using a mobile application that all foreigners will have to install on their smartphones, the Russian state will receive the following information: Residence location Fingerprint Face photograph Real-time geo-location monitoring This isn’t the first time we’ve seen this.

Mobile 299

Mobile 299

SecureList

NOVEMBER 29, 2024

Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. IT threat evolution in Q3 2024 IT threat evolution in Q3 2024.

Mobile 106

Mobile Adware Ransomware Malware 106

Schneier on Security

NOVEMBER 26, 2024

which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28.

Manufacturing 282

Manufacturing Media Mobile Hacking 282

Webroot

MAY 9, 2025

Photo credit: TextMagic Mobile security checklist Most of us use our phones for everything – banking, shopping, messaging, and storing personal information. Here are some tips to help you strengthen your mobile security against text scams and other types of fraud. Always take a moment to think critically before acting.

Scams 72

Scams Mobile Banking VPN 72

Schneier on Security

JUNE 9, 2025

Google says it’s investigating the abuse, which allows Meta and Yandex to convert ephemeral web identifiers into persistent mobile app user identities.

Mobile 281

Mobile Internet Internet 281

Krebs on Security

DECEMBER 3, 2024

Interisle sources data about cybercrime domains from anti-spam organizations, including the Anti-Phishing Working Group (APWG), the Coalition Against Unsolicited Commercial Email (CAUCE), and the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG).

Cybercrime 300

Cybercrime Phishing Accountability Internet 300

Krebs on Security

DECEMBER 18, 2024

A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Cryptocurrency 363

Cryptocurrency Accountability Authentication Phishing 363

Krebs on Security

NOVEMBER 1, 2024

KrebsOnSecurity last week heard from a reader whose close friend received a targeted phishing message within the Booking mobile app just minutes after making a reservation at a California. ” The phony booking.com website generated by visiting the link in the text message.

Phishing 276

Phishing Accountability Artificial Intelligence Cybercrime 276

Security Affairs

NOVEMBER 25, 2024

” An SMS blaster attack is a cyberattack where a large number of malicious or fraudulent SMS messages are sent to mobile devices within a specific area or to a targeted group. SMS blaster attacks can exploit vulnerabilities in mobile networks and typically require proximity to the targeted devices for localized attacks.

Mobile 127

Mobile Scams Technology Telecommunications 127

Malwarebytes

APRIL 3, 2025

Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. Mobile VPNs are apps that connect your smartphone to the internet via different computers around the world. The company developed several mobile apps for Innovative Connecting Pte.

VPN 139

VPN Mobile Government Technology 139

Security Affairs

OCTOBER 22, 2024

A vulnerability resides in Samsung mobile processors and according to the experts, it has been chained with other vulnerabilities to achieve arbitrary code execution on vulnerable devices. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate privileges on a vulnerable Android device.

Firmware 145

Firmware Mobile Spyware Media 145

Duo's Security Blog

JUNE 17, 2025

We’re excited to announce a major update to Instant Restore for Duo Mobile on Android. The new version of Instant Restore will be used when Duo Mobile detects Google backup is enabled and a passcode is set on the device. Android will automatically restore Duo Mobile’s backup. or higher installed.

Backups 106

Backups Mobile Accountability Encryption 106

Krebs on Security

DECEMBER 29, 2024

Much of my summer was spent reporting a story about how advertising and marketing firms have created a global free-for-all where anyone can track the daily movements and associations of hundreds of millions of mobile devices , thanks to the ubiquity of mobile location data that is broadly and cheaply available.

Scams 241

Scams Cybercrime Cryptocurrency Social Engineering 241

The Last Watchdog

MAY 1, 2025

Approov: Securing cloud-mobile APIs Ted Miracco, CEO of Approov, painted a vivid picture of modern mobile risk: Your mobile app is under attack the moment it talks to the cloud especially over public Wi-Fi. The moment an intruder touches one, high-fidelity alerts are triggered. Approovs solution?

Mobile 189

Mobile Government CISO Technology 189

Security Affairs

OCTOBER 17, 2024

VMWare warns to address a remote code execution vulnerability, tracked as CVE-2024-38814 (CVSS score of 8.8), in its HCX application mobility platform. ” VMware HCX (Hybrid Cloud Extension) is a workload mobility platform designed to simplify the migration, rebalancing, and continuity of workloads across data centers and clouds.

Authentication 134

Authentication Mobile Hacking Information Security 134

Zero Day

MAY 25, 2025

Memorial Day weekend is here, and these phones are packed with top features for an even lower price.

Mobile 102

Mobile 102

Security Affairs

MAY 20, 2025

South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Koreas largest wireless telecom company, a major player in the countrys mobile and tech landscape. The telecom giant detected an infection of its systems at 11 PM on Saturday, April 19, 2025.

Malware 108

Malware Mobile Data breaches Wireless 108

Schneier on Security

NOVEMBER 13, 2024

The mobile scanners on cars are not mapped. DeFlock is a crowd-sourced project to map license plate scanners. It only records the fixed scanners, of course. The post Mapping License Plate Scanners in the US appeared first on Schneier on Security.

Mobile 294

Mobile Surveillance 294

Krebs on Security

NOVEMBER 21, 2024

technology companies between 2021 and 2023, including LastPass , MailChimp , Okta , T-Mobile and Twilio. Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. Image: Amitai Cohen twitter.com/amitaico.

Identity Theft 268

Identity Theft Phishing Cryptocurrency Accountability 268

NSTIC

NOVEMBER 13, 2024

If you are interested in the world of digital identities, you have probably heard some of the buzzwords that have been floating around for a few years now… “verifiable credential,” “digital wallet,” “mobile driver’s license” or “mDL.” But what exactly is a verifiable digital credential?

Insurance 132

Insurance Mobile 132

The Hacker News

MAY 27, 2025

Threat hunters have exposed a novel campaign that makes use of search engine optimization (SEO) poisoning techniques to target employee mobile devices and facilitate payroll fraud.

Manufacturing 123

Manufacturing Mobile Engineering 123

Security Affairs

MARCH 28, 2025

. “Preliminary findings indicate that the suspects developed malware called Mamont, which they distributed via Telegram channels under the guise of safe mobile applications and video files. Crooks typically disguise the malicious code as legitimate mobile apps or video files.

Banking 117

Banking Computers and Electronics Mobile Malware 117

Malwarebytes

FEBRUARY 11, 2025

They started developing entire mobile apps on Android that could provide the same level of theft. These decoy apps are often hosted on less popular mobile app stores, as the protections of the Google Play store often flag and remove these apps, should they ever sneak onto the marketplace. A low number of reviews may signal a decoy app.

Phishing 129

Phishing Passwords Authentication Mobile 129

The Hacker News

JUNE 19, 2025

"Operated by the financially motivated threat actor LARVA-398, AntiDot is actively sold as a Malware-as-a-Service (MaaS) on underground forums and has been linked to a wide range of mobile campaigns," PRODAFT said in a report

Malware 117

Malware Mobile Cybersecurity 117

Malwarebytes

APRIL 3, 2025

Not one but several worried parents that tracked their children by using T-Mobile tracking devices suddenly found that they were looking at the location of random other children. T-Mobile sells a small GPS tracker called SyncUP , which can be used to track, among others, the locations of young children who dont have cell phones yet.

Mobile 102

Mobile Media Surveillance Technology 102

The Hacker News

JUNE 18, 2025

Support for passkeys is expected to be available "soon" on Android and iOS mobile devices. "Passkeys are a new way to verify your identity and login to your account that's easier and more secure than traditional passwords," the tech giant said in a post. The feature is

Passwords 115

Passwords Mobile Accountability 115

Krebs on Security

OCTOBER 17, 2024

At the same time, AnonSudan announced it was attacking the APIs that power Israel’s widely-used “red alert” mobile apps that warn residents about any incoming rocket attacks in their area. As Hamas fighters broke through the border fence and attacked Israel on Oct. 7, 2023, a wave of rockets was launched into Israel.

DDOS 270

DDOS Government Internet Internet 270

Security Affairs

APRIL 16, 2025

” In September, security researchers from G DATA discovered more than two dozen Android mobile phones from different manufacturers already infected by pre-installed malware. .” concludes the report that includes indicators of compromise (IoCs).

Malware 130

Malware Manufacturing Mobile Spyware 130

Malwarebytes

FEBRUARY 27, 2025

Combining official-looking Google search ads with specially-crafted PayPal pay links, makes this scheme particularly dangerous on mobile devices due to their screen size limitation and likelihood of not having security software. There are also security solutions that can block ads and malicious links, such as Malwarebytes for mobile devices.

Scams 115

Scams Mobile Small Business Advertising 115

Security Affairs

OCTOBER 28, 2024

million mobile and fixed subscribers. “This suspected data breach reportedly affects Free Mobile and Freebox customers, with the data leak dating back to October 17, 2024, according to the cybercriminals.” Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. ” wrote the cyber evangelist SaxX.

Cyber Attacks 128

Cyber Attacks Telecommunications Data breaches Banking 128

SecureWorld News

JUNE 18, 2025

Remediation: Implement robust authentication and authorization for all ecosystem interfaces including web, mobile, cloud, and backend APIs. Insecure Apps: Mobile applications used for monitoring may lack proper input validation, encryption, and other application security controls.

Firmware 106

Firmware IoT Manufacturing Mobile 106