#Spyware

New.

iVerify: Breaking Down ZeroDayRAT - New Spyware Targeting Android and iOS iverify.io/blog/breaking-down-

More:

The Hacker News: New Mobile Spyware ZeroDayRAT Targets Android and iOS infosecurity-magazine.com/news #infosec #spyware #Android #iOS #threatresearch

2026-02-10

Data exfiltration and WhatsApp account takeover, all through the GhostChat dating app

Security researchers at ESET have uncovered an Android spyware campaign aimed at users in Pakistan. The attackers relied on social engineering, specifically a so-called romance scam. Through a malicious app posing as a dating platform, the criminals installed the GhostChat spyware (Android/Spy.GhostChat.A). Its main task was the covert exfiltration of user data. TLDR: The report does not specify...

#Aktualności #Teksty #Clickfix #Eset #Ghostchat #Spyware #Whatsapp

sekurak.pl/eksfiltracja-danych

2026-02-10

Suspect Android spyware? This 10-point checklist walks through the steps to check for it, remove it, and secure your accounts: no panic, but systematic. 👇

kuketz-blog.de/android-spyware

#android #security #sicherheit #hack #hacking #surveillance #spyware #schadsoftware

2026-02-09

@greenpeace

We need petitions for permission to start taking them apart and burning them.

#ai #surveillance #techbro #fascism #coup #oligarch #tech #spyware

Miguel Afonso Caetano remixtures@tldr.nettime.org
2026-02-07

"Germany's Federal Office for the Protection of the Constitution (aka Bundesamt für Verfassungsschutz or BfV) and Federal Office for Information Security (BSI) have issued a joint advisory warning of a malicious cyber campaign undertaken by a likely state-sponsored threat actor that involves carrying out phishing attacks over the Signal messaging app.

"The focus is on high-ranking targets in politics, the military, and diplomacy, as well as investigative journalists in Germany and Europe," the agencies said. "Unauthorized access to messenger accounts not only allows access to confidential private communications but also potentially compromises entire networks."

A noteworthy aspect of the campaign is that it does not involve the distribution of malware or the exploitation of any security vulnerability in the privacy-focused messaging platform. Rather, the end goal is to weaponize its legitimate features to obtain covert access to a victim's chats, along with their contact lists.

The attack chain is as follows: the threat actors masquerade as "Signal Support" or a support chatbot named "Signal Security ChatBot" to initiate direct contact with prospective targets, urging them to provide a PIN or verification code received via SMS, or risk facing data loss."

thehackernews.com/2026/02/germ

#CyberSecurity #Germany #Signal #Phishing #Privacy #Spyware

The Gray Witch gray_witch
2026-02-05

Don't be surprised if US government web pages are used to insert spyware onto your computers. I caught what should have been a static US government web page using 330% CPU well over an hour after I first loaded it. I was wondering why my computer fan had started to run hard. It doesn't even do that when playing two 4K video streams at the same time.

General Motors sells detailed driver logs without your consent

peertube.gravitywell.xyz/w/xii

People are lining up for a free TV that spies on you

peertube.gravitywell.xyz/w/uU1

BGDon 🇨🇦 🇺🇸 👨‍💻 BrentD@techhub.social
2026-02-04

This is why NOT to use biometrics as your smartphone lock! AND use Lockdown Mode if you have an iPhone!

404media.co/fbi-couldnt-get-in (login may be required) #Security #iPhone #LockDownMode #Biometrics #404Media #FBI #Spyware #Privacy #PersonalData

iPhone
2026-02-04

Alright team, it's been a busy 24 hours in the cyber world with some critical zero-days under active exploitation, a couple of significant breaches, new insights into nation-state tactics, and a stark warning about broken ransomware. Let's dive in:

Recent Cyber Attacks and Breaches 💸

- Step Finance, a Solana DeFi platform, lost approximately $40 million in digital assets after attackers compromised executive devices. While some assets were recovered, the incident has raised questions, including suspicions of a "rug pull."
- Coinbase confirmed an insider breach where a contractor improperly accessed data for about 30 customers. This highlights the ongoing threat of Business Process Outsourcing (BPO) firms being targeted through bribes, social engineering, or compromised accounts.
- The Police Service of Northern Ireland (PSNI) is offering a universal £7,500 compensation to staff affected by a 2023 data breach that exposed personal details, leading to safety risks and mental health issues for officers.
- Mexico's government is facing allegations from the Chronus Group of a 2.3TB data leak impacting 28% of the population. However, the Agencia de Transformación Digital y Telecomunicaciones (ATDT) has downplayed the claims, stating the data appears to be from older breaches.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🕵🏼 The Register | go.theregister.com/feed/www.th
🕶️ Dark Reading | darkreading.com/cyberattacks-d

New Threat Research and Tradecraft 🕵️‍♀️

- Russia's APT28 (Fancy Bear) weaponised a newly patched Microsoft Office bug (CVE-2026-21509) in just three days. Their "Operation Neusploit" uses RTF documents and localised phishing to deploy credential stealers (MiniDoor) and backdoors (Covenant Grunt via PixyNetLoader).
- Nitrogen ransomware, specifically targeting VMware ESXi, has a critical programming error that corrupts the public key during encryption. This means victims' files cannot be decrypted, even if the ransom is paid, making recovery impossible.
- Microsoft warns that Python-based infostealers are rapidly expanding to target macOS environments. These campaigns use social engineering techniques like "ClickFix" lures and fake installers to distribute malware such as AMOS, MacSync, and DigitStealer, stealing credentials and sensitive data.
- A new EDR killer tool is abusing a legitimate but long-revoked EnCase kernel driver (EnPortv.sys) to disable 59 security tools. This "Bring Your Own Vulnerable Driver" (BYOVD) technique exploits Windows' driver signature enforcement exceptions for older certificates, bypassing protections like PPL.
- New research reveals that Predator spyware can turn off Apple's iOS camera and microphone recording indicators (the green and orange dots). This "elegantly simple" interception mechanism allows the spyware to operate stealthily, defeating a key user-facing security feature.
- While AI agents aren't yet capable of fully autonomous cyberattacks, they are proving highly effective for criminals in various stages of the attack chain. This includes automating vulnerability scanning and writing malicious code, though they still struggle with complex, multi-stage operations without human intervention.

🕶️ Dark Reading | darkreading.com/cyberattacks-d
🕵🏼 The Register | go.theregister.com/feed/www.th
📰 The Hacker News | thehackernews.com/2026/02/micr
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/predator-spywa
🕵🏼 The Register | go.theregister.com/feed/www.th

Actively Exploited Vulnerabilities and Zero-Days ⚠️

- Ivanti's Endpoint Manager Mobile (EPMM) is under active attack due to two critical zero-day vulnerabilities, CVE-2026-1281 and CVE-2026-1340 (CVSS 9.8). These flaws allow unauthenticated remote code execution, with CISA adding one to its KEV catalog. Patches are available, but a permanent fix is pending.
- CISA has added a critical SolarWinds Web Help Desk (WHD) RCE flaw, CVE-2025-40551 (CVSS 9.8), to its KEV catalog, confirming active exploitation. This untrusted data deserialization vulnerability allows unauthenticated attackers to execute OS commands, with federal agencies given a three-day deadline to patch.
- Two significant vulnerabilities have been found in Google Looker: CVE-2025-12743, an SQL injection allowing internal database data exfiltration, and a complex RCE chain. The RCE could lead to arbitrary code execution and potential cross-tenant access on Google Cloud Platform (GCP). Patching is advised but can be challenging.
- A five-year-old GitLab server-side request forgery (SSRF) flaw, CVE-2021-39935, has been added to CISA's KEV catalog due to active exploitation. This vulnerability allows unauthenticated external users to access the CI Lint API, posing a significant risk to the many exposed GitLab instances.
- CISA has confirmed that the VMware ESXi sandbox escape vulnerability, CVE-2025-22225, is now being actively exploited by ransomware gangs. This flaw, previously a zero-day, allows an arbitrary kernel write and sandbox escape, with Chinese-speaking threat actors suspected of chaining it with other vulnerabilities.

🤫 CyberScoop | cyberscoop.com/ivanti-endpoint
📰 The Hacker News | thehackernews.com/2026/02/cisa
🕵🏼 The Register | go.theregister.com/feed/www.th
🕶️ Dark Reading | darkreading.com/application-se
🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Geopolitical Cyber and Regulatory Updates 🌐

- The US military reportedly used cyber weapons to disrupt Iranian air missile defense systems during 2025 strikes on its nuclear program. This "non-kinetic" operation targeted "aim points" in the network to prevent surface-to-air missile launches against American warplanes.
- Ukraine has implemented a mandatory "whitelist" for Starlink satellite internet terminals to counter Russian forces using the technology on attack drones. This measure, in cooperation with SpaceX, aims to make Russian drones harder to detect, jam, or shoot down.
- CISA is working on replacing the Critical Infrastructure Partnership Advisory Council (CIPAC) to foster broader and more specific discussions on cybersecurity and operational technology (OT) threats. They are also developing an AI information-sharing center (AI-ISAC) to coordinate with industry efforts.
- The Eclipse Foundation is mandating pre-publish security checks for extensions submitted to its Open VSX Registry. This proactive shift aims to combat supply chain threats by identifying and quarantining suspicious uploads, such as impersonation, leaked credentials, or known malicious patterns, before publication.

🗞️ The Record | therecord.media/iran-nuclear-c
🗞️ The Record | therecord.media/ukraine-tighte
🤫 CyberScoop | cyberscoop.com/whats-next-for-
📰 The Hacker News | thehackernews.com/2026/02/ecli

Other Noteworthy News 📰

- Rui-Siang Lin, known as "Pharoah," has been sentenced to 30 years in prison for operating Incognito Market, a dark web narcotics marketplace that facilitated over $105 million in illegal drug sales. Lin also extorted users before shutting down the platform.
- Microsoft is rolling out native Sysmon functionality to Windows 11 systems enrolled in the Windows Insider program. This built-in System Monitor will enhance threat detection and hunting capabilities by logging system events, though it remains disabled by default.
- Cloud providers are rushing to offer "OpenClaw-as-a-service," despite strong warnings from Gartner. OpenClaw, an AI assistant platform, is described as "demonstrably insecure" due to plaintext credential storage and lack of default authentication, posing unacceptable cybersecurity risks.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/incognito-mark
🤖 Bleeping Computer | bleepingcomputer.com/news/micr
🕵🏼 The Register | go.theregister.com/feed/www.th

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #Ransomware #APT28 #Infostealer #MacOS #EDR #Spyware #AI #IncidentResponse #DataBreach #CyberWarfare #Starlink #CISA #InfoSec

Google fined for restrictive agreements on forking Android: GOOD!

peertube.gravitywell.xyz/w/gwh

FUTO's latest grantee loosens Google's grip on your phone: introducing Marvin Wißfeld of MicroG

peertube.gravitywell.xyz/w/qMw

2026-02-04

Several human rights groups warn that the sanctioned #spyware maker #NSO Group (#Pegasus) is trying to attach itself to political initiatives around the Pall Mall Process in an attempt to get the sanctions lifted and return to the market
therecord.media/spyware-maker-
