seen from Yemen
seen from Czechia
seen from Germany
seen from United States
seen from China
seen from United States
seen from United States
seen from United States
seen from China
seen from Somalia
seen from T1
seen from Czechia
seen from United States
seen from Türkiye
seen from Japan
seen from Australia
seen from United States
seen from Netherlands
seen from China
seen from Czechia
Android Mod Tool Abused to Break Payment App Security in India
Attackers weaponise the LSPosed framework to bypass SIM-binding in payment apps, intercepting SMS, spoofing identities, and funnelling OTPs to Telegram for real-time fraud.
Source: CloudSEK
Read more: CyberSecBrief
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
Bluetooth Headphones Turned Into Tracking Beacons
A flaw in Google Fast Pair lets attackers hijack popular earbuds and headphones, enabling covert pairing, tracking, and eavesdropping.
Source: WhisperPair (KU Leuven COSIC)
Read more: CyberSecBrief
Weekly Cybersecurity Briefing (20 October – 26 October 2025)
A week marked by widespread cloud disruption, active exploitation of critical server flaws, and an escalation in developer supply‑chain threats.
AWS experienced a DNS and load‑balancer outage that disrupted major consumer and developer services and spurred opportunistic phishing campaigns.
CISA added multiple actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalogue, including a Windows SMB privilege escalation and Adobe/Oracle issues.
A critical WSUS deserialisation flaw (CVE‑2025‑59287) was patched after proof‑of‑concept exploits and active attacks were reported.
Developer supply‑chain risks intensified as GlassWorm self‑propagating malware and TARmageddon tar‑parser flaws targeted extension ecosystems and libraries.
State‑linked espionage and ransomware activity continued, with new toolkits and resurgent RaaS operations observed across multiple campaigns.
Source: CyberSecBrief
Romance Scams Turn Android Phones into Spying Tools
Romance bait is being weaponised to quietly install GhostChat spyware on Android devices, siphoning private data while chats appear safely routed through WhatsApp.
Source: CyberSecBrief
Coruna iOS Exploit Kit Hits Devices Across 13.0–17.2.1
A sophisticated iOS exploit kit named Coruna is targeting iPhones with 23 exploits, stealing cryptocurrency wallets and sensitive data for espionage and financial attackers.
Source: Google Threat Intelligence Group
Read more: CyberSecBrief
Anya is live and ready to show you everything. Watch her strip, dance, and perform exclusive shows just for you. Interact in real-time and make your fantasies come true.
Free to watch • No registration required • HD streaming
Predator Spyware Silences iPhone Camera & Mic Alerts
Predator spyware hooks into iOS SpringBoard APIs to suppress camera and microphone indicators, allowing covert recording after full device compromise without triggering Apple’s visual privacy alerts.
Source: Jamf
Read more: CyberSecBrief
Mirax Android Malware Turns Infected Phones Into Proxy Nodes
Mirax Android malware campaigns used Meta ads and GitHub-hosted droppers to infect devices, turning them into SOCKS5 residential proxy nodes while stealing credentials via overlays.
Source: Cleafy Labs
Read more: CyberSecBrief
