Security
Headlines
HeadlinesLatestCVEs

Tag

#android

New Telekopye Scam Toolkit Targeting Booking.com and Airbnb Users

ESET Research found the Telekopye scam network targeting Booking.com and Airbnb. Scammers use phishing pages via compromised accounts…

HackRead
Open in Source
#vulnerability#web#android#git#auth
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant said in an analysis published last week. First spotted in the wild in 2019, TrickMo is so named for

Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices

Octo2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…

Android GKI Kernels Use-After-Free

Android GKI kernels contain broken non-upstream Speculative Page Faults MM code that can lead to use-after-free conditions.

OpenAI Blocks 20 Global Malicious Campaigns Using AI for Cybercrime and Disinformation

OpenAI on Wednesday said it has disrupted more than 20 operations and deceptive networks across the world that attempted to use its platform for malicious purposes since the start of the year. This activity encompassed debugging malware, writing articles for websites, generating biographies for social media accounts, and creating AI-generated profile pictures for fake accounts on X. "Threat

Microsoft Issues Security Update Fixing 118 Flaws, Two Actively Exploited in the Wild

Microsoft has released security updates to fix a total of 118 vulnerabilities across its software portfolio, two of which have come under active exploitation in the wild. Of the 118 flaws, three are rated Critical, 113 are rated Important, and two are rated Moderate in severity. The Patch Tuesday update doesn't include the 25 additional flaws that the tech giant addressed in its Chromium-based

CVE-2024-43604: Outlook for Android Elevation of Privilege Vulnerability

**According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?** This vulnerability requires that a user with an affected version of Outlook open a malicious meeting or appointment invite from the attacker.

Mideast, Turkey Cyber Threats Spike, Prompting Defense Changes

The vast majority of organizations in the region saw more attacks in the past year, but most don't feel prepared for future incidents.

Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits

Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to "memory corruption

iPhone flaw could read your saved passwords out loud. Update now!

Apple has fixed a security issue in iOS (and iPadOS) that could have leaked a user's passwords through the VoiceOver feature.