Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Kandji's threat research team has discovered a piece of malware that combines aspects of an infostealer and spyware. Here's how it works.
Over 500 people targeted by Pegasus spyware in Poland, officials say
Prosecutor General Adam Bodnar says an investigation into Pegasus use by current and former government officials has expanded to hundreds more people than initially reported.
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
Spyware vendor targets users in Italy and Kazakhstan
Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Pegasus spyware scandal uncovered by fake image file on an iPhone
The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
Price of zero-day exploits rises as companies harden products against hackers
Tools that allow government hackers to break into iPhones and Android phones, popular software like the Chrome and Safari browsers, and chat apps like
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
Spyware vendor targets users in Italy and Kazakhstan
Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Pegasus spyware scandal uncovered by fake image file on an iPhone
The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
Google: Spyware vendors behind 50% of zero-days exploited in 2023
Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.
Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
The signees, which already included about a dozen other nations, agree to establish “robust guardrails and procedures" around spyware, while preventing the export of technology that will be used for malicious cyber activity.
US sanctions founder of spyware maker Intellexa for targeting Americans | TechCrunch
The U.S. government announced Tuesday sanctions against the founder of the notorious spyware company Intellexa and one of his business partners. This is
The Predator spyware ecosystem is not dead
Discover our TDR team's revelations about Predator spyware: its C2 infrastructure and list of countries still using its cyber espionage tool.
European Parliament finds spyware on defense committee members’ phones
Officials handling security and defense issues were the target of phone hacking, internal email says.
GitHub leak exposes Chinese offensive cyber operations – researchers
The leaked documents supposedly discuss spyware developed by I-Soon, a Chinese infosec company, that’s targeting social media platforms, telecommunications companies, and other organizations worldwide. Researchers suspect the operations are orchestrated by the Chinese government. Unknown individuals allegedly leaked a trove of Chinese government documents on GitHub. The documents reveal how China conducts offensive cyber operations with spyware developed by I-Soon, Taiwanese threat intelligence researcher Azaka Sekai claims.
Poland's PM says authorities in the previous government widely and illegally used Pegasus spyware | AP News
Poland’s new prime minister says he has documentation proving that state authorities under the previous government used the powerful Pegasus spyware illegally and targeted a “very long” list of hacking victims.
The Return of Candiru: Zero-days in the Middle East - Avast Threat Labs
We recently discovered a zero-day vulnerability in Google Chrome (CVE-2022-2294) when it was exploited in the wild in an attempt to attack Avast users in the Middle East. The vulnerability was a memory corruption in WebRTC that was abused to achieve shellcode execution in Chrome’s renderer process. We reported this vulnerability to Google, who patched it on July 4, 2022.
Spyware vendor targets users in Italy and Kazakhstan
Today, alongside Google’s Project Zero, we are detailing capabilities provided by RCS Labs, an Italian vendor that uses a combination of tactics, including atypical drive-by downloads as initial infection vectors to target mobile users on both iOS and Android.
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
Two Egyptians—exiled politician Ayman Nour and the host of a popular news program (who wishes to remain anonymous)—were hacked with Predator spyware, built and sold by the previously little-known mercenary spyware developer Cytrox. The phone of Ayman Nour was simultaneously infected with both Cytrox’s Predator and NSO Group’s Pegasus spyware, operated by two different government clients.
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware, including members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations.
Pegasus spyware scandal uncovered by fake image file on an iPhone
The scandal over NSO Group's Pegasus spyware was uncovered by a single fake image file mistakenly left on an activist's iPhone, a report states, a discovery that prompted international outcry over privacy.
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
As a journalist working for the Arab news network Alaraby, Rania Dridi said she’s taken precautions to avoid being targeted by hackers, keeping an eye out for suspicious messages and avoiding clicking on links or opening attachments from people she doesn’t know.
World Govs, Tech Giants Sign Spyware Responsibility Pledge
France, the UK, the US, and others will work on a framework for the responsible use of tools like NSO Group's Pegasus, and Shadowserver Foundation gains £1 million investment.
Government hackers targeted iPhones owners with zero-days, Google says
One of the hacking campaigns used exploits developed by Variston, a Barcelona-based startup. Sources say the spyware maker is losing staff.