Zero-days
A crypto wallet maker’s warning about an iMessage bug sounds like a false alarm
A crypto wallet maker claimed this week that hackers may be targeting people with an iMessage “zero-day” exploit — but all signs point to an exaggerated threat, if not a…
Featured Article
Price of zero-day exploits rises as companies harden products against hackers
Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like WhatsApp and iMessage, are now worth millions of dollars — and their price has multiplied in the last few years as these products get harder to hack. On Monday, startup Crowdfense…
Featured Article
Spyware startup Variston is losing staff — some say it’s closing
In July 2022, someone sent Google a batch of malicious code that could be used to hack Chrome, Firefox, and PCs running Microsoft Defender. That code was part of an exploitation framework called Heliconia. And at the time, the exploits used to target those applications were zero-days, meaning the software makers were unaware of the…
Government hackers targeted iPhone owners with zero-days, Google says
Government hackers last year exploited three unknown vulnerabilities in Apple’s iPhone operating system to target victims with spyware developed by a European startup, according to Google. On Tuesday, Google’s Threat…
Zero-days for hacking WhatsApp are now worth millions of dollars
Thanks to improvements in security mechanisms and mitigations, hacking cell phones — both running iOS and Android — has become an expensive endeavor. That’s why hacking techniques for apps like…
Russian zero-day seller offers $20M for hacking Android and iPhones
A company that acquires and sells zero-day exploits — flaws in software that are unknown to the affected developer — is now offering to pay researchers $20 million for hacking…
US, Norway say hackers have been exploiting Ivanti zero-day since April
Hackers exploited a zero-day flaw in Ivanti’s mobile endpoint management software undetected for at least three months, U.S. and Norwegian cybersecurity agencies have warned. It was confirmed last week that…
Google says Apple employee found a zero-day but did not report it
Google fixed a zero-day in Chrome that was found by an Apple employee, according to comments in the official bug report. While the bug itself is not newsworthy, the circumstances…
Featured Article
Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward
Security researchers have linked to the notorious Clop ransomware gang a new wave of mass-hacks targeting a popular file transfer tool, as the first victims of the attacks begin to come forward. It was revealed last week that hackers are exploiting a newly discovered vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises…
Hackers launch another wave of mass-hacks targeting company file transfer tools
Security researchers are sounding the alarm after hackers were caught exploiting a newly discovered vulnerability in a popular file transfer tool used by thousands of organizations to launch a new…
Featured Article
Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say
Hackers using spyware made by a little known cyber mercenary company used malicious calendar invites to hack the iPhones of journalists, political opposition figures and an NGO worker, according to two reports. Researchers at Microsoft and the digital rights group Citizen Lab analyzed samples of malware they say was created by QuaDream, an Israeli spyware…
