Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Stealit Malware Abuses Node.js Single Executable Feature via Game and VPN Installers

Cybersecurity researchers have disclosed details of an active malware campaign called Stealit that has leveraged Node.js' Single Executable Application (SEA) feature as a way to distribute its payloads. According to Fortinet FortiGuard Labs, select iterations have also employed the open-source Electron framework to deliver the malware. It's assessed that the malware is being propagated through

The Hacker News
Open in Source
#web#android#windows#google#microsoft#nodejs#js#auth#chrome#sap#The Hacker News
Millions of (very) private chats exposed by two AI companion apps

Two AI "girlfriend" apps have blabbed millions of intimate conversations from more than 400,000 users.

Fake VPN and streaming app drops malware that drains your bank account

Mobdro Pro IP TV + VPN hides Klopatra, a new Android Trojan that lets attackers steal banking credentials.

Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware

Zimperium's zLabs warns of ClayRat, a fast-spreading Android spyware targeting Russia. It hides in fake apps like TikTok and steals texts, calls records, and camera photos.

Apple Took Down These ICE-Tracking Apps. The Developers Aren't Giving Up

“We are going to do everything in our power to fight this,” says ICEBlock developer Joshua Aaron after Apple removed his app from the App Store.

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltrate SMS messages, call logs, notifications, and device information; taking photos with the front

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface. This edition of ThreatsDay Bulletin explores these converging risks and the safeguards that help

One stolen iPhone uncovered a network smuggling thousands of devices to China

Turns out Apple’s ‘Find My’ feature isn’t just for when your phone slips down the side of the couch.

Modeling scams see mature models as attractive new prospects

Modeling scammers are reinventing old tricks for the social media age—targeting not just the young, but older adults too.

“Can you test my game?” Fake itch.io pages spread hidden malware to gamers

One click, total mess. A convincing itch-style page can drop a stealthy stager instead of a game. Here’s how to spot it and what to do if you clicked.