Mobile Threats

Apple Patches iOS Vulnerability That Allowed FBI to Recover Deleted Signal Messages

Apple has released important security updates to fix a flaw in its iOS and iPadOS systems that could allow previously deleted notifications, including messages from Signal, to remain stored on devices. Vulnerability Details The issue, identified as CVE-2026-28950, was linked to how notification data was handled internally. Instead of being fully removed, certain notifications marked for deletion were […]

Apple Patches iOS Vulnerability That Allowed FBI to Recover Deleted Signal Messages Read More »

Microsoft Warns of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass on Windows

Microsoft has issued a warning about a newly discovered cyber campaign that uses WhatsApp to distribute malicious Visual Basic Script (VBS) files. The attack chain is designed to compromise Windows systems, establish persistence, and gain elevated privileges through stealth techniques. Attack Begins with Social Engineering The campaign, first observed in late February 2026, relies heavily on social engineering

Microsoft Warns of WhatsApp-Delivered VBS Malware Exploiting UAC Bypass on Windows Read More »

Google Introduces 24 Hour Delay for Unverified App Sideloading to Curb Malware and Scams

Google has unveiled a new security measure aimed at reducing malware infections and online scams on Android devices. The update introduces an “advanced flow” for sideloading apps, requiring users to wait 24 hours before installing applications from unverified developers. This move is designed to strengthen user protection while still preserving Android’s flexibility and openness. The

Google Introduces 24 Hour Delay for Unverified App Sideloading to Curb Malware and Scams Read More »

Apple Alerts That Older iPhones Are Vulnerable to Coruna and DarkSword Exploit Kit Attacks

Apple has released an urgent security advisory, cautioning users who are still operating older versions of iOS to immediately update their devices. The warning highlights active cyberattacks carried out using advanced exploit kits such as Coruna and DarkSword, which are targeting outdated iPhones through malicious web content. These exploit kits are designed to take advantage

Apple Alerts That Older iPhones Are Vulnerable to Coruna and DarkSword Exploit Kit Attacks Read More »

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data

Cybersecurity researchers have identified a new Android malware strain called Perseus, which is actively being deployed to perform device takeover (DTO) and financial fraud. The malware is designed to compromise Android devices, steal sensitive information, and enable attackers to control infected systems remotely. According to ThreatFabric, Perseus builds upon earlier malware families like Cerberus and

New Perseus Android Banking Malware Monitors Notes Apps to Steal Sensitive Data Read More »

DarkSword iOS Exploit Kit Uses Six Vulnerabilities Including Three Zero Days for Full Device Takeover

A sophisticated iOS exploit framework known as DarkSword has been actively used by multiple threat actors since late 2025 to compromise Apple devices and extract sensitive user data. Research from Google Threat Intelligence Group (GTIG), iVerify, and Lookout reveals that the exploit kit enables near-complete device takeover with minimal user interaction. DarkSword has been deployed

DarkSword iOS Exploit Kit Uses Six Vulnerabilities Including Three Zero Days for Full Device Takeover Read More »

Apple Patches WebKit Flaw Allowing Same Origin Policy Bypass on iOS and macOS

Technology company Apple has released a new security update to address a vulnerability in the WebKit engine that could allow attackers to bypass important browser security protections on its operating systems. The issue, tracked as CVE-2026-20643, affects devices running iOS, iPadOS, and macOS. According to Apple, the flaw could allow malicious websites to bypass the

Apple Patches WebKit Flaw Allowing Same Origin Policy Bypass on iOS and macOS Read More »

ClickFix Campaigns Distribute MacSync macOS Infostealer Through Fake AI Tool Installers

Cybersecurity researchers have identified multiple ClickFix malware campaigns distributing a macOS information stealing malware known as MacSync. The campaigns rely heavily on social engineering techniques that trick users into manually executing malicious commands in the macOS Terminal. Security experts from Sophos explained that the attacks differ from traditional exploit driven campaigns. Instead of exploiting software

ClickFix Campaigns Distribute MacSync macOS Infostealer Through Fake AI Tool Installers Read More »

Android 17 Restricts Accessibility API Access to Stop Malware Abuse

Google is currently testing a new security control in Android 17 that prevents certain applications from accessing the system’s Accessibility Services API. The feature is being introduced as part of Android Advanced Protection Mode (AAPM), a security setting designed to protect users from advanced cyber threats. The change appeared in Android 17 Beta 2, according

Android 17 Restricts Accessibility API Access to Stop Malware Abuse Read More »

Rust Based VENON Malware Targets 33 Brazilian Banks with Credential Stealing Overlays

Security updates have been released by Veeam to address several serious vulnerabilities in its Backup & Replication platform. If successfully exploited, these security flaws could allow attackers to execute malicious code remotely and compromise backup infrastructure. The vulnerabilities impact multiple builds of Veeam Backup & Replication, one of the most widely used enterprise backup and

Rust Based VENON Malware Targets 33 Brazilian Banks with Credential Stealing Overlays Read More »