Tag
#android
Plus: Secret IRS data-sharing with ICE, a 20-year-old hackable vulnerability in train brakes, and more.
Google on Thursday revealed it's pursuing legal action in New York federal court against 25 unnamed individuals or entities in China for allegedly operating BADBOX 2.0 botnet and residential proxy infrastructure. "The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections,"
Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.
BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity.
A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign "decoy" app that's hosted on the Google Play Store and its evil twin, which is
Using more than 600 domains, attackers entice Chinese-speaking victims to download a vulnerable Telegram app that is nearly undetectable on older versions of Android.
Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users.
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Energy Asset Suite Vulnerabilities: Incomplete List of Disallowed Inputs, Plaintext Storage of a Password, Out-of-bounds Write, Release of Invalid Pointer or Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to the target equipment, perform remote code executions, or escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Asset Suite AnyWhere for Inventory (AWI) Android mobile app: Versions 11.5 and prior (CVE-2019-9262, CVE-2019-9429, CVE-2019-9256, CVE-2019-9290) Asset Suite 9 series: Version 9.6.4.4 (CVE-2025-1484, CVE-2025-2500) Asset Suite 9 series: Version 9.7 (CVE-2025-2500) 3.2 VULNERABILITY OVERVIEW 3.2.1 INCOMPLETE LIST OF DISALLOWED INPUTS CWE-184 A vulnerability exists in the media upload compon...
Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming