Spyware Designed for Telegram Mods Also Targets WhatsApp Add-Ons
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
Research examines attack methods, defenses, and vulnerabilities, helping security teams understand risks and improve protection.
Search across headline titles and summaries.
Background for this topic.
Research is the systematic study of technologies, systems, attack methods, vulnerabilities, and defensive techniques to establish evidence and produce new findings. In information security, it includes work such as discovering flaws in software or protocols, analyzing malware and attacker behavior, testing cryptographic designs, and evaluating security controls. News under this tag may describe a proof of concept, a measurement study, or a proposed technique rather than a confirmed real-world attack.
For practitioners, research can change how risks are prioritized and mitigated. A demonstrated vulnerability may require vulnerability-management teams to verify affected assets, apply fixes, or add compensating controls; responsible disclosure gives developers time to assess and remediate before technical details enable exploitation. Research involving live systems, personal data, or offensive tooling also raises privacy, authorization, dual-use, and ethical concerns. Sound findings should state their assumptions, scope, limitations, and reproducibility, since laboratory results do not automatically show that an attack is practical in every environment.
Researchers discovered spyware designed to steal from Android devices and from Telegram mods can also reach WhatsApp users.
Cybersecurity researchers have unearthed a number of WhatsApp mods for Android that come fitted with a spyware module dubbed CanesSpy
Jury took just four hours to reach guilty verdicts Sam Bankman-Fried, the founder and former CEO of crypto exchange FTX and trading firm Alameda Research, has been found guilty of seven criminal charges.…
Over a week later and barely any patches for the 10/10 vulnerability have been applied Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ.…
As many as 34 unique vulnerable Windows Driver Model (WDM) and Windows Driver Frameworks (WDF) drivers could be exploited by non-privileged threat actors to gain full control of the devices and execute arbitrary code on the underlying systems
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution
Advarra probes intrusion claims, says 'the matter is contained' Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked.…
Sophos researchers said the increased success rates was partly due to threat actors speeding up their attack timelines
A threat actor known as Prolific Puma has been maintaining a low profile and operating an underground link shortening service that's offered to other threat actors for at least over the past four years
Neither Excel nor PowerPoint safe as baddies continue to find ways around protections Cybercriminals are once again abusing macro-enabled Excel add-in (XLL) files in malware attacks at a vastly increased rate, according to new research.…
The 28 signatories of the Bletchley Declaration agreed on an international network of scientific research on ‘frontier AI’ safety
Discovered by Check Point Research (CPR) and Sygnia, the campaign peaked in mid-2023
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected. [...]
The top-level domain for the United States -- .US -- is home to thousands of newly-registered domains tied to a malicious link shortening service that facilitates malware and phishing scams, new research suggests. The findings come close on the heels of a report that identified .US domains as among the most prevalent in phishing attacks over the past year.
Cybersecurity researchers have uncovered a new set of malicious packages published to the NuGet package manager using a lesser-known method for malware deployment
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents. [...]
Researchers just scratching surface of their understanding of campaign dating back to 2020 Security researchers have uncovered a multi-year cryptojacking campaign they claim autonomously clones GitHub repositories and steals their exposed AWS credentials.…