ICYMI... 🫩🫠

https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
;
See also:
https://youtu.be/FDeMq8W4-sU
•
https://nvd.nist.gov/vuln/detail/CVE-2025-48561
•
https://www.pixnapping.com/pixnapping.pdf
•
Also;
“... As of October 2025, Google has not committed to patching our app list bypass vulnerability. They resolved our report as "won't fix (infeasible)".”

#android #landfall #malware #exploit #hardwarevulnerability #pixnapping #TAC_UCB #PixnappingAttack #maliciousapp #rendering #compositing #vsync #masking #encoding #surfaceflinger #callback

And this is why not just any program can take screenshots on most #Wayland compositors:

https://www.pixnapping.com/

Google despite the difficulties when exploiting this, classified #Pixnapping as "High Severity".

Hier ein Reminder, warum bei den meisten #Wayland-Compositoren nicht jedes X-beliebige Programm Screenshots machen darf, schließlich stufte Google die #Pixnapping-Lücke trotz ihrer Widrigkeiten als "High Severity" ein:

https://www.pixnapping.com/

📢 Une attaque dite « Pixnapping » peut être réalisée par une application malveillante ne nécessitant aucune permission sous Android
📝 ...
📖 cyberveille : https://cyberveille.ch/posts/2025-10-16-une-attaque-dite-pixnapping-peut-etre-realisee-par-une-application-malveillante-ne-necessitant-aucune-permission-sous-android/
🌐 source : https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/
#Pixnapping #application_malveillante #Cyberveille

#pixnapping #attacco Pixnapping, l’attacco che in meno di 30 secondi ruba i codici 2FA a Pixel e Samsung Galaxy

https://www.quellochenoncidicono.site/articles/2025/10/16/pixnapping-l-attacco-che-in-meno-di-30-secondi-ruba-i-codici-2fa-a-pixel-e-samsung-galaxy.html

A New #Attack Lets #Hackers Steal 2-Factor #Authentication Codes From #Android Phones

The malicious app required to make a “Pixnapping” attack work requires no permissions.
#Pixnapping #security #2fa

https://www.wired.com/story/a-new-attack-lets-hackers-steal-2-factor-authentication-codes-from-android-phones/

Tremenda virguería de vulnerabilidad en Android. Provoca una mezcla de pánico y ganas de levantarse a aplaudir bastante desconcertante :flan_hacker: :flan_yikes: :flan_guns:

https://www.pixnapping.com/

#android #seguridad #mfa #2fa #pixnapping

🚨 Alert: #Android is now a buffet for hackers! 🍽️ Thanks to "Pixnapping," the latest malady where evil apps can swipe your secrets faster than you can say "Oops!" Google and Samsung phones are wide open, but hey, at least they serve your 2FA codes on a silver platter! 🥳🔓
https://www.pixnapping.com/ #Hacks #Pixnapping #Cybersecurity #2FACodes #HackerAlert #HackerNews #ngated

Pixnapping Attack

https://www.pixnapping.com/

#HackerNews #Pixnapping #Attack #Cybersecurity #Threats #DigitalSafety #PrivacyConcerns #TechNews

Falha do Android coloca em risco códigos de segurança e mensagens

https://fed.brid.gy/r/https://tecnoblog.net/noticias/falha-do-android-coloca-em-risco-codigos-de-seguranca-e-mensagens/

Pixnapping für Android - und nach nur 30 Sekunden war der Angriff auf den Google-Authenticator erfolgreich - ohne dass User:innen es bemerken!

Pixnapping ist eine neue Art von Angriffen, bei denen eine bösartige Android‑App heimlich Informationen, die von anderen Android‑Apps oder beliebigen Websites angezeigt werden, ausspionieren kann. Pixnapping nutzt Android‑APIs sowie einen hardwarebasierten Seitenkanal aus, der fast alle modernen Android‑Geräte betrifft. Wir haben Pixnapping‑Angriffe auf Google‑ und Samsung‑Handys demonstriert und dabei sensibel­e Daten von Websites wie Gmail und Google‑Konten sowie von Apps wie Signal, Google Authenticator, Venmo und Google Maps vollständig wiederhergestellt.

https://www.pixnapping.com/

#android #pixnapping #infosec

Did you hear? Hackers can now steal your 2FA codes pixel by pixel on Android—even bypassing recent security patches. Your phone's own screen might be revealing more than you think. Find out how this tech twist threatens our security.

https://thedefendopsdiaries.com/pixnapping-how-a-new-android-side-channel-attack-steals-2fa-codes-pixel-by-pixel/

#pixnapping
#androidsecurity
#sidechannelattack
#2fa
#cyberthreats

Pixnapping: furto pixel su Android mette a rischio 2FA
#2FA #Android #CyberSecurity #DatiSensibili #Google #Hacker #Pixnapping #Privacy #Samsung #Sicurezza #Smartphone #TechNews #Vulnerabilità

https://www.ceotech.it/pixnapping-furto-pixel-su-android-mette-a-rischio-2fa/

🔒 Security News Digest - 2025-10-14

📊 17 updates from 5 sources:

🔹 SecurityWeek: Fraud Prevention Firm Resistant AI Raises $25 Million
https://www.securityweek.com/fraud-prevention-firm-resistant-ai-raises-25-million/

🔹 Security Boulevard: Unsupported OpenJDK in Financial Systems: Hidden Risks
https://securityboulevard.com/2025/10/unsupported-openjdk-in-financial-systems-hidden-risks/

🔹 Security Boulevard: SSH Proxy, Using a Jumphost
https://securityboulevard.com/2025/10/ssh-proxy-using-a-jumphost/

🔹 BleepingComputer: Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops
https://www.bleepingcomputer.com/news/security/secure-boot-bypass-risk-on-nearly-200-000-linux-framework-sytems/

🔹 Security News | TechCrunch: Satellites found exposing unencrypted data, including phone calls and some military comms
https://techcrunch.com/2025/10/14/satellites-found-exposing-unencrypted-data-including-phone-calls-and-some-military-comms/

🔹 SecurityWeek: SAP Patches Critical Vulnerabilities in NetWeaver, Print Service, SRM
https://www.securityweek.com/sap-patches-critical-vulnerabilities-in-netweaver-print-service-srm/

🔹 Security Boulevard: Sweet Security Named Cloud Security Leader and CADR Leader in Latio Cloud Security Report
https://securityboulevard.com/2025/10/sweet-security-named-cloud-security-leader-and-cadr-leader-in-latio-cloud-security-report/

🔹 BleepingComputer: When AI Agents Join the Teams: The Hidden Security Shifts No One Expects
https://www.bleepingcomputer.com/news/security/when-ai-agents-join-the-teams-the-hidden-security-shifts-no-one-expects/

🔹 Security Boulevard: 6 Signs Your Point of Sale Systems are Under Attack
https://securityboulevard.com/2025/10/6-signs-your-point-of-sale-systems-are-under-attack/

🔹 BleepingComputer: Security firms debate CVE credit in overlapping vulnerability reports
https://www.bleepingcomputer.com/news/security/security-firms-debate-cve-credit-in-overlapping-vulnerability-reports/

🔹 SecurityWeek: Cybereason Acquired by MSSP Giant LevelBlue
https://www.securityweek.com/cybereason-acquired-by-mssp-giant-levelblue/

🔹 BleepingComputer: Microsoft warns that Windows 10 reaches end of support today
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-that-windows-10-reaches-end-of-support-today/

🔹 Security Boulevard: #Pixnapping: Android Timing Attack Sends Google Back to the Drawing Board
https://securityboulevard.com/2025/10/pixnapping-android-attack-richixbw/

🔹 The Record from Recorded Future News: Qantas confirms cybercriminals released stolen customer data
https://therecord.media/qantas-cybercriminals-stolen-data

🔹 The Record from Recorded Future News: Taiwan reports surge in Chinese cyber activity and disinformation efforts
https://therecord.media/taiwan-nsb-report-china-surge-cyberattacks-influence-operations

🔹 SecurityWeek: HyperBunker Raises Seed Funding to Launch Next-Generation Anti-Ransomware Device
https://www.securityweek.com/hyperbunker-raises-seed-funding-to-launch-next-generation-anti-ransomware-device/

🔹 The Record from Recorded Future News: California enacts age verification, chatbot laws
https://therecord.media/california-enacts-age-verification-chatbot-laws

#InfoSec #SecurityNews

Researchers discover a new way to steal secrets from #Android apps.

Anything any Android app can display is vulnerable to the #Pixnapping attack—including #2FA codes. That’s the worrying claim from a group of researchers this week. “It’s like Rowhammer, but for the screen,” quips one wag.

Google thought it had already fixed the previously undisclosed flaw. But the group’s demo says not. In #SBBlogwatch, we blur the pels.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/10/pixnapping-android-attack-richixbw/?utm_source=richisoc&utm_medium=social&utm_content=richisoc&utm_campaign=richisoc

New #Pixnapping Attack allows any Android app without permissions to leak info displayed by other apps exploiting Android APIs and a hardware side channel (CVE-2025-48561). Not fixed yet. Effect all Android devices.

PoC: NA

Video demonstrates stealing 2FA codes from Google Authenticator. It's like taking screenshot. Pixnapping exploits a side channel that allows the malicious app to map the pixels at those coordinates to letters, numbers, or shapes.

Research paper 📜
https://www.pixnapping.com/pixnapping.pdf

Hackers can steal 2FA codes and private messages from Android phones https://arstechni.ca/nGsq #sidechannel #pixnapping #Security #android #privacy #Biz&IT #Google

#Android devices are #vulnerable to a new #attack that can covertly steal #2FA codes, #location timelines, and other private data in less than 30 seconds.

The new attack, named #Pixnapping by the team of academic researchers who devised it, requires a victim to first install a #malicious app on an Android phone or tablet. The app, which requires no system permissions, can then effectively read data that any other installed app displays on the screen.
#security #privacy

https://arstechnica.com/security/2025/10/no-fix-yet-for-attack-that-lets-hackers-pluck-2fa-codes-from-android-phones/

We found a way for any Android app to stealthily leak information displayed by other apps or arbitrary websites (e.g., emails, 2FA codes, and private messages). How is that possible? With #pixnapping!

https://www.pixnapping.com