News

Security, surveillance, and defensive updates

‹ Back to websec.gr
2026-01-07 Android Malware
Ghost Tapped
Tracking the Rise of Chinese Tap-to-pay Android Malware
Read →
2026-01-07 Predator
Predator iOS Malware:
Building a Surveillance Framework - Part 1
Read →
2026-01-07 WhatsApp
WhatsApp Silent Fix of Device Fingerprinting Privacy Issue Assessment
The Good, The (Not So) Bad, and The (Somewhat) Ugly
Read →
2026-01-07 WhatsApp 0-Click
DNGerousLINK
A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
Read →
2026-01-07 SMS Android
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
Group-IB analyzes the evolution of Android malware in Uzbekistan, revealing advanced droppers, encrypted payload delivery, anti-analysis techniques, and Wonderland’s bidirectional SMS-stealing capabilities driving large-scale financial fraud.
Read →
2026-01-07 Android PoC
CVE-2025-38352 (Part 1)
In-the-wild Android Kernel Vulnerability Analysis + PoC
Read →
2025-12-22 Zero-click Android
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit 42. Patched in April 2025 (CVE-2025-21042)
Read →
2025-12-22 iMessage Zero-Click RCE
CVE-2025-31200 & CVE-2025-31201 | iMessage Zero‑Click RCE Chain
CVE-2025-31200 & CVE-2025-31201 | iMessage Zero‑Click RCE Chain Summary This repository documents research into a zero‑click remote exploit chain affecting iOS 18.x. A malformed MP4 audio file delivered via iMessage triggers:
Read →
2025-12-22 Android
CVE-2025-38352 - In-the-wild Android Kernel Vulnerability Analysis + PoC
CVE-2025-38352 was a race condition use-after-free vulnerability in the Linux kernel's POSIX CPU timers implementation that was reported to have been under limited, targeted exploitation in the wild: September 2025 Android Bulletin An analysis of this vulnerability was already posted by @streypaws. Their blog post does a good job explaining how POSIX CPU timers work, and the
Read →
2025-12-14 NFC Malware
RelayNFC: The New NFC Relay Malware Targeting Brazil
RelayNFC: The New NFC Relay Malware Targeting Brazil
Read →
2025-12-14
Plug, Play, Pwn: Hacking with Evil Crow Cable Wind
Plug, Play, Pwn: Hacking with Evil Crow Cable Wind
Read →
2025-12-14 Android Security
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit
Google Project Zero breaks down a 0-click Android exploit that hijacked Samsung phones via a malicious DNG image—originally flagged by Unit 42. Patched in April 2025 (CVE-2025-21042
Read →
2025-12-13 Mobile Forensics Extracting Data
Mobile Forensics: Extracting Data from WhatsApp
Mobile Forensics: Extracting Data from WhatsApp
Read →
2025-12-13 Predator Intellexa
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware
To Catch a Predator: Leak exposes the internal operations of Intellexa’s mercenary spyware
Read →
2025-12-13
DroidLock Hijacks Your Device
Total Takeover: DroidLock Hijacks Your Device
Read →