Spyware
ScarCruft hackers push BirdCall Android malware via game platform
The North Korean hacker group APT37 has been delivering an Android version of a backdoor called BirdCall in a supply-chain attack through a video game platform. While BirdCall is a known backdoor for Windows systems, APT37, also known as ScarCruft and Ricochet Chollima, has developed a variant for Android that doubles as spyware. According to […]
CISA warns feds to patch iOS flaws exploited in crypto-theft attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. As Google Threat Intelligence Group (GTIG) researchers revealed earlier this week, Coruna uses multiple exploit chains targeting 23 iOS vulnerabilities, many of which were deployed in zero-day attacks. […]
Google says 90 zero-days were exploited in attacks last year
Google Threat Intelligence Group (GTIG) tracked 90 zero-day vulnerabilities actively exploited throughout 2025, almost half of them in enterprise software and appliances. The figure is a 15% increase compared to 2024, when 78 zero-days were exploited in the wild, but lower than the record 100 zero days tracked in 2023. Zero-day vulnerabilities are security issues […]
Predator spyware hooks iOS SpringBoard to hide mic, camera activity
Intellexa’s Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators. The malware does not exploit any iOS vulnerability but leverages previously obtained kernel-level access to hijack system indicators that would otherwise expose its surveillance operation. Apple introduced recording indicators on the status bar in iOS 14 to alert […]
ZeroDayRAT malware grants full access to Android, iOS devices
A new commercial mobile spyware platform dubbed ZeroDayRAT is being advertised to cybercriminals on Telegram as a tool that provides full remote control over compromised Android and iOS devices. The malware provides buyers with a full-featured panel for managing infected devices, reportedly supporting Android 5 through 16 and iOS up to version 26 latest. Researchers […]
New WhatsApp lockdown feature protects high-risk users from hackers
Meta has started rolling out a new WhatsApp lockdown-style security feature designed to protect journalists, public figures, and other high-risk individuals from sophisticated threats, including spyware attacks. Known as “Strict Account Settings,” this new feature builds on already existing end-to-end encryption by adding extreme safeguards for users who require heightened protection beyond standard security measures. […]
Predator spyware uses new infection vector for zero-click attacks
The Predator spyware from surveillance company Intellexa has been using a zero-click infection mechanism dubbed “Aladdin,” which compromised specific targets by simply viewing a malicious advertisement. This powerful and previously unknown infection vector is meticulously hidden behind shell companies spread across multiple countries, now uncovered in a new joint investigation by Inside Story, Haaretz, and WAV Research Collective. […]
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as “ShadyPanda” has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. The operation, discovered by Koi Security, unfolded in distinct phases that gradually introduced additional malicious functionality, turning the browser extension from a legitimate tool into spyware. The ShadyPanda campaign consists […]
Google to flag Android apps with excessive battery use on the Play Store
Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. Apps that exceed a “bad behavior threshold” may be flagged on Google Play for negatively impacting battery performance and may affect their visibility in the Android ecosystem. Developers have until March 1, 2026, […]
New LandFall spyware exploited Samsung zero-day via WhatsApp messages
A threat actor exploited a zero-day vulnerability in Samsung’s Android image processing library to deploy a previously unknown spyware called ‘LandFall’ using malicious images sent over WhatsApp. The security issue was patched this year in April, but researchers found evidence that the LandFall operation was active since at least July 2024, and targeted select Samsung Galaxy […]