ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen.
malware
New Microsoft Exchange credential stealing malware could be worse than phishing
While looking for additional Exchange vulnerabilities in the wake of this year’s zero-days, Kaspersky found an IIS add-on that harvests credentials from OWA whenever, and wherever, someone logs in.
How to Guard Against Smishing Attacks on Your Phone
“Smishing” is an attempt to collect logins or other sensitive information with a malicious text message—and it’s on the rise.
NSO Group Spyware Hits at Least 9 US State Department Phones
The incident lays bare how hollow the surveillance company’s reassurances about the limits of its hacking tools have always been.
Malicious Google Play Apps Stole User Banking Info
Using tricks to sidestep the app store’s restrictions, malware operators pillaged passwords, keystrokes, and other data.
