Nike has confirmed that it is investigating a potential cybersecurity incident after claims surfaced online that its internal data may have been leaked by a cybercrime group. The same group, known for extortion-driven attacks against other companies, previously claimed the Nike cyberattack on its dark web site. Nike acknowledged the potential cybersecurity incident, stating, “We always take consumer privacy and data security very seriously. We are investigating a potential cybersecurity incident and are actively assessing the situation.” The company has not yet disclosed whether the cyberattack on Nike involved customer, employee, or partner data.

Hacker Group Claims the Nike Cyberattack

The allegations stem from a ransomware group known as World Leaks, which claimed on its website that it had published 1.4 terabytes of data allegedly tied to Nike’s business operations. The group did not specify what types of files or information were included in the purported leak. The Cyber Express reached out to Nike for further details regarding the reported cyberattack on Nike. However, as of the time of writing, the company had not shared any additional updates or clarification about the incident or its potential impact.

World Leaks is an extortion-focused cybercrime group that steals corporate data to pressure victims into paying ransoms, threatening public disclosure if demands are not met. The group emerged in 2025 after rebranding from Hunters International, a ransomware gang active since 2023. Following increased law enforcement scrutiny, the group reportedly abandoned traditional file-encryption tactics and shifted entirely to data theft and extortion. It has since claimed hundreds of victims.

Potential Partner Impact and Broader Industry Context

It remains unclear whether the alleged Nike data breach affected information belonging to any of Nike’s major wholesale partners. The company works closely with large retailers such as Dick’s Sporting Goods, Macy’s, and JD Sports. The reported cyberattack on Nike comes as data breaches continue to disrupt major corporations worldwide. High-profile cyber incidents in 2023 and 2024 affected companies including MGM Resorts International, Clorox, and UnitedHealth Group. MGM disclosed losses of at least $100 million tied to its attack, while Clorox reported a decline of more than $350 million in quarterly net sales following its breach. The incident also follows similar developments within the sportswear sector. TechCrunch recently reported that Under Armour launched an investigation after 72 million customer email addresses were posted online.

Nike’s Business Challenges Amid Cybersecurity Concerns

According to The Star, Nike has been working to regain its position as the world’s dominant sportswear brand after losing market share to smaller competitors. Against this backdrop, the emergence of a potential Nike cyberattack adds another layer of uncertainty. Despite the reports, Nike’s shares were flat as of late morning on Monday, indicating that investors may be waiting for verified details before reacting.

As investigations continue, it remains uncertain whether the alleged Nike data breach will be confirmed or what consequences may follow. Nike has stated only that it is actively assessing the situation, and further information is expected as the inquiry progresses and claims related to the cyberattack on Nike are independently evaluated. This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We will update this post once we have more information on the Nike cyberattack or any additional information from the company.

The European Commission has launched a new formal investigation into X under the Digital Services Act (DSA), intensifying regulatory scrutiny over the platform’s use of its AI chatbot, Grok. Announced on January 26, the move follows mounting concerns that Grok AI’s image-generation and recommender functionalities may have exposed users in the EU to illegal and harmful content, including manipulated sexually explicit images and material that could amount to child sexual abuse material (CSAM).

This latest European Commission investigation into X runs in parallel with an extension of an ongoing probe first opened in December 2023. The Commission will now examine whether X properly assessed and mitigated the systemic risks associated with deploying Grok’s functionalities into its platform in the EU, as required under the Digital Services Act (DSA).

Focus on Grok AI and Illegal Content Risks

At the core of the new proceedings is whether X fulfilled its obligations to assess and reduce risks stemming from Grok AI. The Commission said the risks appear to have already materialised, exposing EU citizens to serious harm. Regulators will investigate whether X:

- Diligently assessed and mitigated systemic risks, including the dissemination of illegal content, negative effects related to gender-based violence, and serious consequences for users’ physical and mental well-being.
- Conducted and submitted an ad hoc risk assessment report to the Commission for Grok’s functionalities before deploying them, given their critical impact on X’s overall risk profile.

If proven, these failures would constitute infringements of Articles 34(1) and (2), 35(1), and 42(2) of the Digital Services Act. The Commission stressed that the opening of formal proceedings does not prejudge the outcome but confirmed that an in-depth investigation will now proceed as a matter of priority.

Recommender Systems Also Under Expanded Scrutiny

In a related step, the European Commission has extended its December 2023 investigation into X’s recommender systems. This expanded review will assess whether X properly evaluated and mitigated all systemic risks linked to how its algorithms promote content, including the impact of its recently announced switch to a Grok-based recommender system.

As a designated very large online platform (VLOP) under the DSA, X is legally required to identify, assess, and reduce systemic risks arising from its services in the EU. These risks include the spread of illegal content and threats to fundamental rights, particularly those affecting minors.

Henna Virkkunen, Executive Vice-President for Tech Sovereignty, Security and Democracy, underlined the seriousness of the case in a statement: “Sexual deepfakes of women and children are a violent, unacceptable form of degradation. With this investigation, we will determine whether X has met its legal obligations under the DSA, or whether it treated rights of European citizens - including those of women and children - as collateral damage of its service.”

Earlier this month, a European Commission spokesperson had also addressed the issue while speaking to journalists in Brussels, calling the matter urgent and unacceptable. “I can confirm from this podium that the Commission is also very seriously looking into this matter,” the spokesperson said, adding: “This is not ‘spicy’. This is illegal. This is appalling. This is disgusting. This has no place in Europe.”

International Pressure Builds Around Grok AI

The investigation comes against a backdrop of rising regulatory pressure worldwide over Grok AI’s image-generation capabilities. On January 16, X announced changes to Grok aimed at preventing the creation of nonconsensual sexualised images, including content that critics say amounts to CSAM. The update followed weeks of scrutiny and reports of explicit material generated using Grok.

In the United States, California Attorney General Rob Bonta confirmed on January 14 that his office had opened an investigation into xAI, the company behind Grok, over reports describing the depiction of women and children in explicit situations. Bonta called the reports “shocking” and urged immediate action, saying his office is examining whether the company may have violated the law.

U.S. lawmakers have also stepped in. On January 12, three senators urged Apple and Google to remove X and Grok from their app stores, arguing that the chatbot had repeatedly violated app store policies related to abusive and exploitative content.

Next Steps in the European Commission Investigation Into X

As part of the Digital Services Act (DSA) enforcement process, the Commission will continue gathering evidence by sending additional requests for information, conducting interviews, or carrying out inspections. Interim measures could be imposed if X fails to make meaningful adjustments to its service. The Commission is also empowered to adopt a non-compliance decision or accept commitments from X to remedy the issues under investigation.

Notably, the opening of formal proceedings shifts enforcement authority to the Commission, relieving national Digital Services Coordinators of their supervisory powers for the suspected infringements. The investigation complements earlier DSA proceedings that resulted in a €120 million fine against X in December 2025 for deceptive design, lack of advertising transparency, and insufficient data access for researchers. With Grok AI now firmly in regulators’ sights, the outcome of this probe could have major implications for how AI-driven features are governed on large online platforms across the EU.

By Vijender Yadav, CEO & Co-founder, Accops

The cybersecurity industry is currently grappling with a paradox: encryption, compliance, and spending are at record highs, yet data privacy remains fragile. This stems from a reliance on a 2021 playbook to fight a 2026 war. Historically, data protection was a static discipline focused on "data at rest" and "data in transit." However, in an era where automated discovery tools can map an enterprise's entire data footprint in minutes, traditional walls have become irrelevant. The perimeter has shifted; it no longer resides at the edge of the network, but at the precise moment of access.

The Death of the "Safe" Zone

By now, the concept of a "trusted network" is an architectural relic. In 2026, data is a fluid asset distributed across multi-region SaaS, edge computing nodes, and sovereign clouds rather than sitting in a central vault. The primary challenge today is the "Identity-Data Gap." While the transition away from the physical office is complete, the assumption of trust associated with it often remains. If a user connects to a resource, legacy systems frequently grant broad, persistent visibility. This level of exposure facilitates near-instant lateral movement across the network and connected devices, making such visibility a direct threat to data privacy.

Protecting data privacy in this environment requires a shift from storage-centric security to visibility control. Resources must remain "dark" to everyone except the authenticated, authorised user throughout a continuously verified session.

Data Privacy Week 2026: Defending Against the "Identity Hijack"

In 2026, the primary threat to data privacy is the weaponisation of legitimate access rather than sophisticated software exploits. While a user’s identity can be verified with near-total certainty, organisations remain remarkably vulnerable to the context of that identity—specifically the what, how, and when of the access request. In this model, identity has become a false proxy for trust.

As identity remains under constant siege, secure access must move beyond a "gatekeeper" event to become a Continuous Adaptive Risk and Trust Assessment (CARTA). Securing the new perimeter requires the validation of three distinct pillars through persistent, 24/7/365 monitoring:

- Validate the Human (Identity & Presence): Progressive organisations are adopting a multi-modal approach that combines phishing-resistant hardware verification with biometric-first identity signals. By anchoring identity in physical hardware (such as FIDO2-compliant keys) and augmenting it with continuous monitoring of liveness and presence, it is possible to ensure that the authorised individual remains physically present at the keys throughout the interaction. This layered verification prevents session hijacking or "shoulder surfing" in real-time.
- Validate the Device (Integrity & Posture): It is no longer safe to assume a device is secure simply because it is corporate-owned. The technical integrity of the endpoint must be evaluated before and during access. This involves continuous checks for managed status, OS vulnerabilities, and security software health to ensure the tool used to access data is not a compromised gateway.
- Validate the Behaviour (Intent & Monitoring): This final layer of the perimeter involves monitoring user actions for deviations from established norms. Detecting anomalies in navigation speed, timing, and data consumption allows for an assessment of whether a device is acting like a human-operated workstation or an automated exfiltration bot.

The perimeter thus functions as a dynamic response system that adapts based on 'Contextual Intelligence'—the real-time risk of the intent.

Privacy-First Architecture: Micro-Segmentation of Access

The defining transition for 2026 and beyond is the shift from "Access to Resources" to "Entitlement within Resources." Under a Zero Trust Network Access (ZTNA) 2.0 framework, this is achieved through a "Privacy of Exclusion" model. Connecting a user to an application is no longer sufficient; granular actions within that application must be managed. By default, no user sees any data. Only when a specific request is validated is a "one-to-one" encrypted tunnel created, restricting the user to the precise dataset required for the task.

This approach is necessary to satisfy the rigorous "Need-to-Know" requirements of global regulations like the GDPR or India’s DPDPA. Data privacy cannot be maintained if a network architecture allows a marketing executive to even ping an HR database. Secure access enforces privacy by making the unauthorised invisible.

Looking Ahead: The Invisible Perimeter

The mandate for technology leaders is to de-couple security from the underlying infrastructure of the internet. Data privacy is not a checkbox; it is a continuous state of being. It is maintained only when access is granular, just-in-time, and verified with every single click. The "Castle and Moat" has been replaced by an invisible guard made of identity and intent—ensuring that privacy is a default setting rather than a manual effort.

As Data Privacy Week 2026 gets underway from January 26 to 30, Canada’s Privacy Commissioner Philippe Dufresne has renewed calls for stronger data protection practices, modern privacy laws, and a privacy-first approach to emerging technologies such as artificial intelligence. In a statement marking Data Privacy Week 2026, Dufresne said data has become one of the most valuable resources of the 21st century, making responsible data management essential for both individuals and organizations. “Data is one of the most important resources of the 21st century and managing it well is essential for ensuring that individuals and organizations can confidently reap the benefits of a digital society,” he said.

The Office of the Privacy Commissioner (OPC) has chosen privacy by design as its theme this year, highlighting the need for organizations to embed privacy into their programs, products, and services from the outset. According to Dufresne, this proactive approach can help organizations innovate responsibly, reduce risks, build for the future, and earn public trust.

Data Privacy Week 2026: Privacy by Design Takes Centre Stage

Speaking on the growing integration of technology into everyday life, Dufresne said Data Privacy Week 2026 is a timely opportunity to underline the importance of data protection. With personal data being collected, used, and shared at unprecedented levels, privacy is no longer a secondary concern. “Prioritizing privacy by design is my Office’s theme for Data Privacy Week this year, which highlights the benefits to organizations of taking a proactive approach to protect the personal information that is in their care,” he said.

The OPC is also offering guidance for individuals on how to safeguard their personal information in a digital world, while providing organizations with resources to support privacy-first programs, policies, and services. These include principles to encourage responsible innovation, especially in the use of generative AI technologies.

Real-World Cases Show Why Privacy Matters

In parallel with Data Privacy Week 2026, Dufresne used a recent appearance before Parliament to point to concrete cases that show how privacy failures can cause serious and lasting harm. He referenced investigations into the non-consensual sharing of intimate images involving Aylo, the operator of Pornhub, and the 23andMe data breach, which exposed highly sensitive personal information of 7 million customers, including more than 300,000 Canadians.

His office’s joint investigation into TikTok also highlighted the need to protect children’s privacy online. The probe not only resulted in a report but also led TikTok to improve its privacy practices in the interests of its users, particularly minors. Dufresne also confirmed an expanded investigation into X and its Grok chatbot, focusing on the emerging use of AI to create deepfakes, which he said presents significant risks to Canadians.

“These are some of many examples that demonstrate the importance of privacy for current and future generations,” he told lawmakers, adding that prioritizing privacy is also a strategic and competitive asset for organizations.

Modernizing Canada’s Privacy Laws

A central theme of Data Privacy Week 2026 in Canada is the need to modernize privacy legislation. Dufresne said existing laws must be updated to protect Canadians in a data-driven world while giving businesses clear and practical rules. He voiced support for proposed changes under Bill C-15, the Budget 2025 Implementation Act, which would amend the Personal Information Protection and Electronic Documents Act (PIPEDA) to introduce a right to data mobility. This would allow individuals to request that their personal information be transferred to another organization, subject to regulations and safeguards.

“A right to data mobility would give Canadians greater control of their personal information by allowing them to make decisions about who they want their information shared with,” he said, adding that it would also make it easier for people to switch service providers and support innovation and competition.

Under the proposed amendments, organizations would be required to disclose personal information to designated organizations upon request, provided both are subject to a data-mobility framework. The federal government would also gain authority to set regulations covering safeguards, interoperability standards, and exceptions. Given the scope of these changes, Dufresne said it will be important for his office to be consulted as the regulations are developed.

A Call to Act During Data Privacy Week 2026

Looking ahead, Dufresne framed Data Privacy Week 2026 as both a moment of reflection and a call to action. “Let us work together to create a safer digital future for all, where privacy is everyone’s priority,” he said. He invited Canadians to take part in Data Privacy Week 2026 by joining the conversation online, engaging with content from the OPC’s LinkedIn account, and using the hashtag #DPW2026 to connect with others committed to advancing privacy in Canada and globally.

As digital technologies continue to reshape daily life, the message from Canada’s Privacy Commissioner is clear: privacy is not just a legal requirement, but a foundation for trust, innovation, and long-term economic growth.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability affecting VMware vCenter Server to its Known Exploited Vulnerabilities (KEV) catalog, confirming that the flaw is being actively exploited in real-world attacks. The update concerns CVE-2024-37079, a severe remote code execution (RCE) issue that was originally patched in 2024 but continues to pose a direct risk to organizations running unpatched systems.

Heap Overflow Flaw Poses Severe RCE Risk

CVE-2024-37079 carries a maximum CVSS v3.1 score of 9.8, placing it firmly in the “critical” severity category. The vulnerability stems from a heap overflow weakness in the Distributed Computing Environment/Remote Procedure Call (DCE/RPC) protocol implementation within VMware vCenter Server. VMware vCenter Server is widely used by administrators to centrally manage Broadcom’s VMware ESXi hypervisors and virtual machines, making it a high-value target for attackers.

DCE/RPC, or Distributed Computing Environment/Remote Procedure Calls, is used by VMware vCenter Server for internal inter-process communication. This includes sensitive services such as certificate management, directory services, and authentication. According to the CVE description, “vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet, potentially leading to remote code execution.” By exploiting CVE-2024-37079, threat actors can gain a foothold on the vCenter management plane and then move laterally to underlying hypervisors.

Impact of CVE-2024-37079 Across VMware vCenter Server and Cloud Foundation

The vulnerability record for CVE-2024-37079 was published on June 18, 2024, by VMware and Broadcom. It specifies that the flaw is remotely exploitable over the network with no privileges or user interaction required. Affected products include VMware vCenter Server versions 8.0 before 8.0 U2d and 8.0 U1e, as well as version 7.0 before 7.0 U3r. VMware Cloud Foundation deployments are also impacted, specifically versions 5.x and 4.x that include vulnerable vCenter Server components. Later fixed versions are available, but no viable in-product workarounds were identified.

CVE-2024-37079 is addressed as part of VMware Security Advisory VMSA-2024-0012, initially released on June 17, 2024. The advisory also covers CVE-2024-37080, another heap overflow issue in the DCE/RPC implementation, and CVE-2024-37081, a local privilege escalation vulnerability caused by sudo misconfigurations. While CVE-2024-37081 carries a lower maximum CVSS score of 7.8 and requires local authenticated access, CVE-2024-37079 and CVE-2024-37080 both reach the critical 9.8 threshold.

Urgent Need for Patching as Exploitation Occurs in the Wild

On Jan. 23, 2026, VMware updated the advisory to version VMSA-2024-0012.1, adding a key note: “Broadcom has information to suggest that exploitation of CVE-2024-37079 has occurred in the wild.” This update aligns with CISA’s decision to add the vulnerability to the KEV catalog, signaling that attackers are actively abusing the flaw rather than merely researching it.

VMware acknowledged the researchers who responsibly disclosed the issues. CVE-2024-37079 and CVE-2024-37080 were reported by Hao Zheng (@zhz) and Zibo Li (@zbleet) from the TianGong Team of Legendsec at Qi’anxin Group. CVE-2024-37081 was reported by Matei “Mal” Badanoiu of Deloitte Romania.
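
For patch triage, the affected-version statement above can be turned into a small inventory check. The following is an added example, not code from VMware, Broadcom or CISA. It assumes version labels of the form "8.0 U2c", reads "8.0 before 8.0 U2d and 8.0 U1e" as separate fixed points for the U2 and U1 update trains, and uses constructed hostnames.

```python
import re

# First fixed patch letter per update train, as stated in the article:
# 8.0 U2d and 8.0 U1e for the 8.0 line, 7.0 U3r for the 7.0 line.
FIXED = {
    "8.0": {1: "e", 2: "d"},
    "7.0": {3: "r"},
}

# Assumed label format: "<major>.<minor>" optionally followed by "U<n><letter>".
LABEL_RE = re.compile(r"^\s*(\d+\.\d+)(?:\s*U(\d+)([a-z]?))?\s*$", re.IGNORECASE)


def parse_label(label):
    """Split a label such as '8.0 U2c' into ('8.0', 2, 'c')."""
    m = LABEL_RE.match(label)
    if not m:
        raise ValueError(f"unrecognised version label: {label!r}")
    line = m.group(1)
    update = int(m.group(2)) if m.group(2) else 0  # a bare '8.0' is update 0
    letter = (m.group(3) or "").lower()
    return line, update, letter


def status(label):
    """Return 'affected', 'fixed' or 'unknown' for one vCenter version label."""
    try:
        line, update, letter = parse_label(label)
    except ValueError:
        return "unknown"
    trains = FIXED.get(line)
    if trains is None:
        # Release line not covered by the affected-version statement.
        return "unknown"
    if update in trains:
        # Same update train: compare patch letters ('' sorts before 'a').
        return "fixed" if letter >= trains[update] else "affected"
    if update > max(trains):
        # Newer update train than any listed fix.
        return "fixed"
    # Older update train with no listed fix of its own.
    return "affected"


def triage(inventory):
    """Return (host, label, status) for every host that is not confirmed fixed."""
    findings = []
    for host, label in inventory:
        result = status(label)
        if result != "fixed":
            findings.append((host, label, result))
    return findings


# Constructed sample inventory; hostnames and version assignments are illustrative.
SAMPLE_INVENTORY = [
    ("vc-prod-01.example.internal", "8.0 U2c"),
    ("vc-prod-02.example.internal", "8.0 U2d"),
    ("vc-dr-01.example.internal", "7.0 U3q"),
    ("vc-lab-01.example.internal", "8.0 U1e"),
    ("vc-old-01.example.internal", "6.7 U3"),
]

if __name__ == "__main__":
    for host, label, result in triage(SAMPLE_INVENTORY):
        print(f"{host}: {label} -> {result}")
```

Hosts reported as "unknown" need a manual check against the advisory, since the build numbers published there are authoritative and are not reproduced here.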

The year 2025 saw a record-breaking number of attacks on Android devices. Scammers are currently riding a few major waves: the hype surrounding AI apps, the urge to bypass site blocks or age checks, the hunt for a bargain on a new smartphone, the ubiquity of mobile banking, and, of course, the popularity of NFC. Let’s break down the primary threats of 2025–2026, and figure out how to keep your Android device safe in this new landscape.

Sideloading

Malicious installation packages (APK files) have always been the Final Boss among Android threats, despite Google’s multi-year efforts to fortify the OS. By using sideloading — installing an app via an APK file instead of grabbing it from the official store — users can install pretty much anything, including straight-up malware. And neither the rollout of Google Play Protect, nor the various permission restrictions for shady apps have managed to put a dent in the scale of the problem.

According to preliminary data from Kaspersky for 2025, the number of detected Android threats grew almost by half. In the third quarter alone, detections jumped by 38% compared to the second. In certain niches, like Trojan bankers, the growth was even more aggressive. In Russia alone, the notorious Mamont banker attacked 36 times more users than it did the previous year, while globally this entire category saw a nearly fourfold increase.

Today, bad actors primarily distribute malware via messaging apps by sliding malicious files into DMs and group chats. The installation file usually sports an enticing name (think “party_pics.jpg.apk” or “clearance_sale_catalog.apk”), accompanied by a message “helpfully” explaining how to install the package while bypassing the OS restrictions and security warnings. Once a new device is infected, the malware often spams itself to everyone in the victim’s contact list.

Search engine spam and email campaigns are also trending, luring users to sites that look exactly like an official app store. There, they’re prompted to download the “latest helpful app”, such as an AI assistant. In reality, instead of an installation from an official app store, the user ends up downloading an APK package. A prime example of these tactics is the ClayRat Android Trojan, which uses a mix of all these techniques to target Russian users. It spreads through groups and fake websites, blasts itself to the victim’s contacts via SMS, and then proceeds to steal the victim’s chat logs and call history; it even goes as far as snapping photos of the owner using the front-facing camera. In just three months, over 600 distinct ClayRat builds have surfaced.

The scale of the disaster is so massive that Google even announced an upcoming ban on distributing apps from unknown developers starting in 2026. However, after a couple of months of pushback from the dev community, the company pivoted to a softer approach: unsigned apps will likely only be installable via some kind of superuser mode. As a result, we can expect scammers to simply update their how-to guides with instructions on how to toggle that mode on.

Kaspersky for Android will help you protect yourself from counterfeit and trojanized APK files. Unfortunately, due to Google’s decision, our Android security apps are currently unavailable on Google Play. We’ve previously provided detailed information on how to install our Android apps with a 100% guarantee of authenticity.

NFC relay attacks

Once an Android device is compromised, hackers can skip the middleman to steal the victim’s money directly thanks to the massive popularity of mobile payments. In the third quarter of 2025, over 44 000 of these attacks were detected in Russia alone — a 50% jump from the previous quarter. There are two main scams currently in play: direct and reverse NFC exploits.

Direct NFC relay is when a scammer contacts the victim via a messaging app and convinces them to download an app — supposedly to “verify their identity” with their bank. If the victim bites and installs it, they’re asked to tap their physical bank card against the back of their phone and enter their PIN. And just like that the card data is handed over to the criminals, who can then drain the account or go on a shopping spree.

Reverse NFC relay is a more elaborate scheme. The scammer sends a malicious APK and convinces the victim to set this new app as their primary contactless payment method. The app generates an NFC signal that ATMs recognize as the scammer’s card. The victim is then talked into going to an ATM with their infected phone to deposit cash into a “secure account”. In reality, those funds go straight into the scammer’s pocket.

We break both of these methods down in detail in our post, NFC skimming attacks. NFC is also being leveraged to cash out cards after their details have been siphoned off through phishing websites. In this scenario, attackers attempt to link the stolen card to a mobile wallet on their own smartphone — a scheme we covered extensively in NFC carders hide behind Apple Pay and Google Wallet.

The stir over VPNs

In many parts of the world, getting onto certain websites isn’t as simple as it used to be. Some sites are blocked by local internet regulators or ISPs via court orders; others require users to pass an age verification check by showing ID and personal info. In some cases, sites block users from specific countries entirely just to avoid the headache of complying with local laws. Users are constantly trying to bypass these restrictions — and they often end up paying for it with their data or cash.

Many popular tools for bypassing blocks — especially free ones — effectively spy on their users. A recent audit revealed that over 20 popular services with a combined total of more than 700 million downloads actively track user location. They also tend to use sketchy encryption at best, which essentially leaves all user data out in the open for third parties to intercept.

Moreover, according to Google data from November 2025, there was a sharp spike in cases where malicious apps are being disguised as legitimate VPN services to trick unsuspecting users. The permissions that this category of apps actually requires are a perfect match for intercepting data and manipulating website traffic. It’s also much easier for scammers to convince a victim to grant administrative privileges to an app responsible for internet access than it is for, say, a game or a music player. We should expect this scheme to only grow in popularity.

Trojan in a box

Even cautious users can fall victim to an infection if they succumb to the urge to save some cash. Throughout 2025, cases were reported worldwide where devices were already carrying a Trojan the moment they were unboxed. Typically, these were either smartphones from obscure manufacturers or knock-offs of famous brands purchased on online marketplaces. But the threat wasn’t limited to just phones; TV boxes, tablets, smart TVs, and even digital photo frames were all found to be at risk.

It’s still not entirely clear whether the infection happens right on the factory floor or somewhere along the supply chain between the factory and the buyer’s doorstep, but the device is already infected before the first time it’s turned on. Usually, it’s a sophisticated piece of malware called Triada, first identified by Kaspersky analysts back in 2016. It’s capable of injecting itself into every running app to intercept information: stealing access tokens and passwords for popular messaging apps and social media, hijacking SMS messages (confirmation codes: ouch!), redirecting users to ad-heavy sites, and even running a proxy directly on the phone so attackers can browse the web using the victim’s identity.

Technically, the Trojan is embedded right into the smartphone’s firmware, and the only way to kill it is to reflash the device with a clean OS. Usually, once you dig into the system, you’ll find that the device has far less RAM or storage than advertised — meaning the firmware is literally lying to the owner to sell a cheap hardware config as something more premium.

Another common pre-installed menace is the BADBOX 2.0 botnet, which also pulls double duty as a proxy and an ad-fraud engine. This one specializes in TV boxes and similar hardware.

How to go on using Android without losing your mind

Despite the growing list of threats, you can still use your Android smartphone safely! You just have to stick to some strict mobile hygiene rules.

- Install a comprehensive security solution on all your smartphones. We recommend Kaspersky for Android to protect against malware and phishing.
- Avoid sideloading apps via APKs whenever you can use an app store instead. A known app store — even a smaller one — is always a better bet than a random APK from some random website. If you have no other choice, download APK files only from official company websites, and double-check the URL of the page you’re on. If you aren’t 100% sure what the official site is, don’t just rely on a search engine; check official business directories or at least Wikipedia to verify the correct address.
- Read OS warnings carefully during installation. Don’t grant permissions if the requested rights or actions seem illogical or excessive for the app you’re installing.
- Under no circumstances should you install apps from links or attachments in chats, emails, or similar communication channels.
- Never tap your physical bank card against your phone. There is absolutely no legitimate scenario where doing this would be for your own benefit.
- Do not enter your card’s PIN into any app on your phone. A PIN should only ever be requested by an ATM or a physical payment terminal.
- When choosing a VPN, stick to paid ones from reputable companies.
- Buy smartphones and other electronics from official retailers, and steer clear of brands you’ve never heard of. Remember: if a deal seems too good to be true, it almost certainly is.

Other major Android threats from 2025:

- Pixnapping vulnerability: unblockable screenshots of your Android phone
- Spyware that pretends to be an antivirus
- Data theft during smartphone charging
- SparkCat trojan stealer infiltrates App Store and Google Play, steals data from photos

The malware-as-a-service kit enables malicious extensions to overlay pages on real websites without changing the visible URL, signaling a fresh challenge for enterprise security.
Artistic initiatives turn cybersecurity into immersive exhibits at the Museum of Malware Art, transforming digital threats into thought-provoking experiences.
AI "model collapse," where LLMs over time train on more and more AI-generated data and become degraded as a result, can introduce inaccuracies, promulgate malicious activity, and impact PII protections.
The Justice Department has said that between February 2024 and December 2025, the gang stole at least $5.4 million from at least 63 ATMs, most of which belonged to credit unions.
The company said in a brief statement that it takes consumer privacy and data security seriously and is “actively assessing the situation,” but offered few details about the scope of the alleged breach or whether customer information may have been exposed.
The British Home Office published proposals that would include the creation of a new National Police Service, described by officials as Britain’s equivalent of the FBI.
A Virginia federal judge ruled that the warrantless use of Flock automated license plate cameras in Norfolk, Virginia, is constitutional and dismissed a case seeking to eradicate them.
WhatsApp is rolling out a new security feature designed to curb spyware that will block attachments and media from people not in a user’s contacts list.
Microsoft on Monday issued out-of-band security patches for a high-severity Microsoft Office zero-day vulnerability exploited in attacks. The vulnerability, tracked as CVE-2026-21509, carries a CVSS score of 7.8 out of 10.0. It has been described as a security feature bypass in Microsoft Office. "Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized
Cybersecurity researchers have disclosed details of a new campaign that combines ClickFix-style fake CAPTCHAs with a signed Microsoft Application Virtualization (App-V) script to distribute an information stealer called Amatera. "Instead of launching PowerShell directly, the attacker uses this script to control how execution begins and to avoid more common, easily recognized execution paths,"
Cybersecurity teams increasingly want to move beyond looking at threats and vulnerabilities in isolation. It’s not only about what could go wrong (vulnerabilities) or who might attack (threats), but where they intersect in your actual environment to create real, exploitable exposure. Which exposures truly matter? Can attackers exploit them? Are our defenses effective? Continuous Threat Exposure
A critical security flaw has been disclosed in Grist‑Core, an open-source, self-hosted version of the Grist relational spreadsheet-database, that could result in remote code execution. The vulnerability, tracked as CVE-2026-24002 (CVSS score: 9.1), has been codenamed Cellbreak by Cyera Research Labs. "One malicious formula can turn a spreadsheet into a Remote Code Execution (RCE) beachhead,"
Cybersecurity researchers have discovered a JScript-based command-and-control (C2) framework called PeckBirdy that has been put to use by China-aligned APT actors since 2023 to target multiple environments. The flexible framework has been put to use against Chinese gambling industries and malicious activities targeting Asian government entities and private organizations, according to Trend Micro
Meta on Tuesday announced it's adding Strict Account Settings on WhatsApp to secure certain users against advanced cyber attacks because of who they are and what they do. The feature, similar to Lockdown Mode in Apple iOS and Advanced Protection in Android, aims to protect individuals, such as journalists or public-facing figures, from sophisticated spyware by trading some functionality for
Indian government entities have been targeted in two campaigns undertaken by a threat actor that operates in Pakistan using previously undocumented tradecraft. The campaigns have been codenamed Gopher Strike and Sheet Attack by Zscaler ThreatLabz, which identified them in September 2025. "While these campaigns share some similarities with the Pakistan-linked Advanced Persistent Threat (APT)
In episode 85 of The AI Fix, Graham discovers that Silicon Valley has the solution to your pet's mental health crisis, and Mark explains why AI godfather Yann LeCun thinks the entire AI industry is wrong about LLMs. Also in this episode, OpenAI decides to ruin ChatGPT with ads; Sam Altman and Elon Musk have a public spat over whose AI is more murderous; humanoid robots turn up at CES 2026 and answer the question of whether robots can fight—with a resounding "no"; and AI slop forces the beloved cURL project to shut down its bug bounty program. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.