Skip to main content

Tag: mobile security

107 articles

Smartphone on a neutral surface with blurred background and abstract screen pattern.

EU Orders Google to Open Android to Rival AI Assistants

Google is now required to open up Android to rival AI assistants, a move the company claims could compromise device security by giving external apps sensitive permissions. The European Commission's order, made under the Digital Markets Act, forces Google to grant third-party AI assistants access to Android sensors and system features.

Analyst 207
Hand reaches for Android smartphone with blurred lock screen on a flat surface.

Google scrambles to fix Android bug that lets Gemini bypass lock screen security

Google is racing to squash a newly discovered Android bug that allows sneaky users to bypass lock screen security and send SMS or WhatsApp messages using Gemini, all without entering the device PIN. A fix has already been implemented and is set to roll out this week.

Analyst 207
Smartphone and laptop sit on cluttered home office desk near a window.

RedHook Android Malware Exploits Wireless ADB for Shell Access

Meet RedHook, a sneaky Android malware that's taking advantage of Wireless ADB and Accessibility features to gain shell-level control over your device - and it can be controlled remotely with 53 server-issued commands. This clever malware tricks victims into granting permissions, then takes control, making it a serious threat to your digital security.

Analyst 207
Smartphone on a neutral surface with Google Play Store open, surrounded by app icons and a blurred cityscape or home office…

Free Android VPN Apps Expose User Traffic, Fail Basic Security Tests

Over 2.4 billion installs of free Android VPN apps have potentially exposed users to security risks, according to a recent study that revealed these apps fail basic security tests. A new testing framework called MVPNalyzer was used to evaluate the apps and uncovered alarming vulnerabilities, including the serious flaw of tunnel hijacking.

Analyst 207
Dimly lit storefront at night with scattered neon signs and a blank smartphone screen on a cluttered counter.

RedWing Malware Targets Android Users with Bank Fraud as a Service

A new, ready-to-use bank-fraud tool called RedWing is being rented on Telegram, allowing even novice criminals to hijack Android users' phones and steal their banking information. This malicious kit is sold as a complete package, complete with step-by-step guides and how-to videos, making it alarmingly easy for scammers to get started.

Analyst 207
Smartphone displays AI chatbot interface on a clean, minimalist surface with a laptop in the background.

iOS AI Apps Expose API Keys, Open AI Proxy Access

Nearly two-thirds of AI chatbot apps for iPhone, that's 282 out of 444 tested, are leaking sensitive API keys, leaving users' data vulnerable to exposure through open AI proxy access. This alarming discovery highlights a critical security gap in many popular iOS AI apps.

Analyst 207
Devices with blank screens sit on a table in a public area, surrounded by people in the background.

AirDrop and Quick Share Flaws Expose Devices to Local Attacks

Millions of devices are vulnerable to local attacks due to flaws in popular sharing services like AirDrop and Samsung Quick Share, discovered by researchers Arash Ale Ebrahim and Nils Ole Tippenhauer. They found six distinct flaws that can be exploited by nearby attackers to crash services or bypass security checks.

Analyst 207
Secret Service agent in airport terminal looks concerned at personal smartphone.

US Secret Service Exposes Agents to Cyber Risk with Lax Mobile Security

The US Secret Service is putting its agents at risk of cyber attacks by allowing them to use personal phones for work, with over 15,000 instances of unsecured calls made during critical operations. This lax mobile security leaves them vulnerable to hackers, despite having access to supposedly secure government-issued devices.

Analyst 207
Person looks concerned while checking phone in cluttered living room with open laptop and shopping boxes nearby.

Scammers Exploit Shop App to Fuel Callback Phishing Attacks

Beware of scammers exploiting the popular Shop app, with 50 million downloads, to trick you into callback phishing attacks with fake purchase receipts and phony support agents. They're impersonating big brands like Norton and Apple to steal your account credentials and sensitive info.

Analyst 207
Smartphone on a neutral surface with blurred screen, set against a cityscape background.

Google Tightens Android App Verification Rules Ahead of Sept. 30 Deadline

Get ready for a safer app experience on Android! As of September 30, 2026, Google will start enforcing developer verification, blocking installs of unverified apps on certified phones in Brazil, Indonesia, Singapore, and Thailand.

Analyst 207
Close-up of a circuit board with a USB controller chip on a lab bench.

Unpatchable Apple BootROM Flaw Targets A12, A13 Chips

A newly discovered Apple BootROM flaw affecting A12 and A13 chips poses a lifelong security risk to affected devices, as the issue is embedded in unchangeable code that can't be fixed with a simple software update. This vulnerability, known as usbliter8, is a complex combination of hardware and firmware flaws that creates a pathway to compromise the boot chain on impacted Apple systems.

Analyst 207
Close-up of a smartphone's circuit board with blurred background, components out of focus.

BootROM Exploit Targets Millions of iPhones

Millions of iPhones are vulnerable to a newly discovered BootROM exploit, known as "usbliter8", that can't be fixed with software updates because it's embedded in the device's hardware. This means iPhones with A12 and A13 processors will be at risk for the rest of their lifespan.

Analyst 207
Person holding smartphone with blank screen in public setting.

Rokarolla Malware Targets 217 Banking and Crypto Apps

Beware: the Rokarolla malware is targeting 217 banking and crypto apps, allowing hackers to seize near-total control of your Android phone. It disguises itself as legitimate apps, often sneaking in through malicious websites offering fake Chrome or TikTok downloads.

Analyst 207
Smartphone on cluttered table with blurred screen, surrounded by scattered financial papers.

Rokarolla Malware Targets Android Banking Apps with 137 Commands

Meet Rokarolla, a sneaky Android banking trojan that's taking aim at 217 banking and cryptocurrency apps with an arsenal of 137 remote commands, giving attackers alarming control over infected phones. This malicious malware is designed to outsmart even Google's Play Protect defenses, putting your financial security at risk.

Analyst 207
Person holds smartphone with blurred screen in a public area, expression neutral.

Rokarolla Trojan Enables Unseen Banking Fraud via Device Takeover

Meet Rokarolla, a sneaky Android banking trojan that's taking device takeover to a whole new level, allowing scammers to isolate and exploit victims like never before. This malicious malware doesn't just steal credentials - it gives attackers total control over your phone.

Analyst 207
Smartphone with blank screen on a plain surface in a government setting.

FCC Proposes Sweeping Phone Data Collection to Curb Burner Phones

The FCC is taking aim at burner phones with a new proposal that would require telecom carriers to collect and store personal info on virtually all customers, effectively ending anonymity for prepaid phone users. If implemented, this rule would revolutionize how phone plans are obtained and used across the country.

Analyst 207
Mobile phone on a plain surface with a blurred text message interface and a blurred cityscape in the background.

Google Disrupts Chinese Smishing Network Tied to AI-Generated Phishing Attacks

Google just took down a massive Chinese smishing network that used AI-generated phishing pages to scam millions of mobile users, and is now suing to dismantle the operation for good. The tech giant is teaming up with major carriers like AT&T, T-Mobile, and Verizon to block the fraudulent texts and shut down the Phishing-as-a-Service business.

Analyst 207
Secure mobile gateway appliance on a plain surface with a clean, minimalist background.

Ivanti Patches Zero-Day Flaw Allowing Root Code Execution

Ivanti has patched a high-risk zero-day flaw that could let hackers run malicious code with root access, and fortunately, there are no known cases of exploitation so far. The vulnerability, tracked as CVE-2026-10520, affects the company's Sentry secure mobile gateway and allows for OS command injection permitting root execution.

Analyst 207
Person sits at laptop in European café, face downcast, with blurred cityscape and bank storefront in background.

Android Malware NFCShare Targets Europe Banks via GitHub Updates

Malicious actors are using GitHub to spread new variants of the NFCShare Android malware, disguising them as banking app updates to target customers of European banks. Victims are first lured into downloading the malware through phishing sites that mimic real banks, where they're prompted to install a fake update.

Analyst 207
Smartphone on cluttered desk in Middle Eastern-style room with Arabic patterns, beside newspapers and manual.

ESET Exposes Android Spyware Asin Targeting Arabic Users

Malicious apps masquerading as legitimate tools have been targeting Arabic-speaking Android users, packing stealthy spyware capabilities that allow them to siphon off sensitive information. These fake apps, part of a spyware cluster called Asin, are being spread through fraudulent websites and social accounts.

Analyst 207
Smartphone on a neutral surface with a blurred mobile app interface and a hint of a cityscape through a nearby window.

Microsoft 365 Android Apps Expose Account Tokens Due to Debug Flag Oversight

A single line of code, "setIsDebugMode(true)," inadvertently left in multiple Microsoft 365 Android apps, created a gaping security hole that allowed other apps on the same phone to access sensitive account tokens without user permission. This tiny oversight, discovered by Enclave's Yanir Tsarimi and Ofek Levin, exposed users to potential security risks.

Analyst 207
Smartphone with notification on screen, surrounded by everyday objects.

Google Gemini on Android Exposed to Notification-Based Hijacking

Researchers have uncovered a vulnerability in Google Gemini on Android that allows hackers to hijack the assistant using a single hostile notification, no malicious app required. This shocking exploit lets anyone able to push a notification to a device deliver a payload and take control.

Analyst 207
Smartphone on a neutral surface with blurred background.

CISA Warns of Active Exploits Targeting Android, Linux Flaws

A high-severity Android flaw, CVE-2025-48595, is being actively exploited in targeted attacks, allowing hackers to gain increased privileges without needing any user interaction. This critical vulnerability affects Android 14-16 and has prompted CISA to add it to its list of Known Exploited Vulnerabilities.

Analyst 207
Smartphone on a lab surface surrounded by blurred testing tools near a window.

Google Patches Actively Exploited Android Flaw Amid June Update

Google just dropped a crucial security update for Android, fixing 124 vulnerabilities, including a high-severity flaw that's being actively exploited - don't wait, patch up your device now! This critical fix tackles a privilege escalation bug that can be triggered without any user interaction, putting your data at risk.

Analyst 207