Security news aggregator

Latest coverage for Zero-Click

Zero-click attacks exploit flaws without user interaction, enabling compromise through messages or files; prompt patching and exposure reduction limit risk.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Zero-click describes an exploit that can be triggered without the victim tapping a link, opening a file, or otherwise interacting. Attackers send specially crafted data to software that processes content automatically, such as messaging, calling, email, browser, media, or wireless components. A flaw in a parser or processing service may enable code execution, privilege escalation, or information disclosure, although a zero-click vulnerability is not necessarily remotely exploitable or capable of taking full control.

These attacks matter because they can compromise a device with little visible user activity, making prevention and attribution harder; spyware and unauthorized data access are possible outcomes. Prioritize rapid patching of exposed operating systems, applications, and firmware, and reduce attack surface by disabling unnecessary services or automatic processing where practical. Use least privilege and device isolation to limit impact. Monitoring for unexplained crashes, abnormal processes, or unexpected network connections can support detection, while suspected exploitation should trigger preservation of relevant logs and focused investigation.

Showing 2 most recent headlines Filtered view
Bank Info Security 2 years, 4 months ago

A New Self-Spreading, Zero-Click Gen AI Worm Has Arrived!

Researchers Created Worm That Can Exfiltrate Data, Spread Spam and Poison AI ModelsResearchers have created a zero-click, self-spreading worm that can steal personal data through applications that use chatbots powered by generative artificial intelligence. Dubbed Morris II, the malware uses a prompt injection attack vector to trick AI-powered email assistant apps.