The post The AI Inflection Point: Android 17, Gemini 4, and the Shocking Debut of “Aluminium OS” at Google I/O 2026 appeared first on Daily CyberSecurity.

The post Microsoft Teams for Android to Launch Native SIP Interoperability appeared first on Daily CyberSecurity.

Google patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action.

Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE‑2026‑0073, in the System component. The bug allowed attackers to run code as the shell user without needing extra permissions, or any user interaction.

The patch prevents potential full device compromise from remote exploitation.

“The vulnerability in this section could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation.” reads the advisory.

The flaw impacts ‘adbd’ (Android Debug Bridge daemon), the background process on an Android device that enables communication with a computer through the Android Debug Bridge (ADB) tool.

Google is not aware of any public exploits for this issue or of attacks in the wild exploiting CVE-2026-0073.

In March, Google confirmed that another vulnerability, tracked as CVE-2026-21385 (CVSS score of 7.8), in open-source Qualcomm component has been actively exploited.

The flaw is a buffer over-read in the Graphics component that could allow attackers to access sensitive memory data, underscoring ongoing risks to Android users.

The company did not disclose technical details about the attacks exploiting this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google)

Microsoft is set to bridge the gap in enterprise unified communications with a highly anticipated update to its conference room hardware. Starting in June 2026, Microsoft Teams Rooms on Android will officially support joining third-party external meetings through Session Initiation Protocol (SIP). This strategic development aims to deliver seamless cross-platform interoperability for organizations relying on […]

The post Microsoft Teams on Android Now Lets Users Join External Meetings Through SIP appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Meta patched two WhatsApp flaws affecting iOS, Android, and Windows users, including bugs tied to risky files, links, and Reels previews.

The post New WhatsApp Flaws Could Affect Billions of Users After Meta Security Patch appeared first on TechRepublic.

Google patched an Android zero-click RCE flaw affecting multiple versions. Here’s what IT teams should know and how to reduce mobile risk.

The post Google Update: Android Flaw Could Put Billions of Devices at Risk appeared first on TechRepublic.

The post Apple Unveils End-to-End Encryption for iPhone-to-Android RCS Messaging appeared first on Daily CyberSecurity.

The post Critical Zero-Click Android Flaw Grants Remote Shell Access Without Interaction appeared first on Daily CyberSecurity.

Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw.

Tracked as CVE-2026-0073, this critical vulnerability resides deep within the core Android System component.

It allows an attacker to gain remote shell access without requiring a single tap, download, or click from the device owner.

Threat actors can launch this zero-click attack proximally, meaning they only need to be on the same local network or in physical proximity to exploit a vulnerable mobile device.

Android Zero-Click Vulnerability

The root of CVE-2026-0073 lies within the adbd subcomponent, which stands for the Android Debug Bridge daemon.

Developers traditionally utilize this system service to communicate with a device, run terminal commands, and modify system behavior.

Because the flaw grants remote code execution as a “shell” user, attackers can bypass normal application sandboxes.

They do not need any special execution privileges or user interaction to deploy their malicious payloads successfully.

Imagine the adbd service as a restricted maintenance door on a secure corporate building.

This vulnerability acts like a master key that works over a wireless connection, allowing an intruder to quietly unlock the door and issue commands to the building’s internal systems without the security guard ever noticing.

This frictionless level of access makes the vulnerability highly dangerous and incredibly attractive to advanced threat actors.

Because the adbd service is a Project Mainline component distributed via Google Play system updates, the flaw affects multiple recent generations of the operating system.

Android 14, Android 15, Android 16, and Android 16-QPR2 devices are currently at risk.

Google has resolved this critical issue in the May 1, 2026, security patch level, as detailed in the Android Security Bulletin May 2026.

All Android hardware partners were notified of this vulnerability at least a month in advance to help them prepare over-the-air firmware updates.

Corresponding source code patches are also being pushed to the Android Open Source Project (AOSP) repository to ensure ongoing platform stability for the wider ecosystem.

Device owners must prioritize installing the latest security updates immediately to block potential exploitation.

To confirm that a device is protected, navigate to system settings and verify that the security patch level is May 1, 2026, or later.

Users should also manually check for pending Google Play system updates, as some devices running Android 10 or later may receive targeted component patches via this alternative channel.

Free Webinar to align your endpoint security to meet new requirements – Register Now

The post Critical Android Zero-Click Vulnerability Grants Remote Shell Access appeared first on Cyber Security News.

Explore the best VPNs for Android devices in 2026. Find out which VPN offers the best security, speed and features for your Android device.

The post 5 Best VPNs for Android in 2026 appeared first on TechRepublic.

A massive fraud network called FEMITBOT uses Telegram Mini Apps and fake brand names like Apple, Disney, and…

New research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking Minecraft servers and other game hosts offline. By abusing TCP port 5555 on poorly secured Android-based hardware, the operators are quietly building a rentable DDoS-for-hire service aimed at the gaming ecosystem. […]

The post Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Samsung’s One UI 8.5 update may bring stronger Galaxy security controls as users report battery drain and overheating after recent patches.

The post Samsung’s Free Android Upgrade Brings Better Security to Galaxy Phones appeared first on TechRepublic.

A newly discovered Android spyware platform is raising concerns among cybersecurity researchers by introducing a business model that allows buyers to rebrand and resell surveillance malware as their own product. Buyers can subscribe to the service, customize branding, and launch their own spyware operation with minimal effort. KidsProtect presents itself as a parental monitoring app, […]

The post New Android Spyware Platform Enables Rebranding and Resale appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools.

The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand from law enforcement and intelligence agencies, fueling a growing market of spyware vendors, many operating quietly outside public scrutiny.

Attackers used a typical low-cost spyware tactic: disrupt a service and trick the victim into installing a fake app to restore it. In this case, targets received an SMS linking to a site impersonating an ISP. The first stage, a dropper app, installs a hidden second-stage payload embedded within it. It checks if the payload is already present, then silently deploys it with minimal user awareness.

The second stage disguises itself as legitimate system components, using fake icons and names to appear trustworthy. It forces users to grant dangerous permissions, including Accessibility access, which allows it to read screens, interact with apps, and capture sensitive data.

“After granting Accessibility permissions, the spyware starts a Permission Workflow that creates an overlay with a fake update process and a fake reboot screen. In background, the workflow performs all the steps to grant all the needed permissions. This includes enabling Developer Options, turning on Wireless Debugging, and locally pairing to the ADB daemon.” reads the report published by the Osservatorio Nessuno. “Conveniently, during the fake update the app disables the touchscreen by setting FLAG_NOT_TOUCHABLE on the whole full-screen overlay, leaving the user partially unable to respond to the infection.”

The malware also gains persistence by restarting after reboot and can request device admin privileges, making removal difficult. Overall, it enables long-term, covert surveillance of the infected device.

The spyware abuses overlay windows and Accessibility features to take control of the device and bypass protections. Using the powerful SYSTEM_ALERT_WINDOW permission, it displays fake screens, such as updates or reboots, while secretly granting itself permissions in the background, even disabling touch input to limit user control. It can trick victims into approving actions like linking a WhatsApp account by showing a fake biometric prompt.

It also enables Wireless Debugging and connects to ADB to gain elevated privileges, silently granting itself sensitive permissions, disabling security protections like camera/mic indicators and Play Protect, and turning off antivirus tools.

“In the third phase the spyware disables a number of known Antivirus software, including Google’s own SafetyCore, Bitdefender, Sophos, Avast, AVG, Malwarebytes, along with a handful of smaller “cleaner/antivirus” apps popular on low end devices.” continues the report. “None of these requires root, and persists across reboots since the Android security model treats user’s installed anti-malware software like ordinary apps.”

Finally, it adjusts system settings across different Android versions to ensure persistence, avoid detection, and maintain full access to the device.

The analysis of the source code suggests an Italian origin for the spyware, based on language clues and references like “aprafoco” and “Gomorra.” The malware supports multiple languages and Android devices, showing broader targeting. Its infrastructure uses encrypted configs, Italian-hosted servers, and domains linked to small ISPs and obscure entities with generic details.

The researchers found ties between hosting providers, fake or opaque companies, and shared contacts. The phishing domain is registered to a small Italian firm with minimal activity and links to other questionable businesses. Overlapping financial and corporate connections suggest a network of related entities potentially supporting the spyware operation while masking its true ownership.

Osservatorio Nessuno concluded that the spyware is linked to IPS Intelligence, an Italian firm active for over 30 years in lawful interception technologies used by governments to monitor communications through telecom and internet providers.

“While IPS Intelligence is a well‑known commercial surveillance provider, this is, to our knowledge, the first report linking them to the distribution and operation of spyware.” concludes the report. “Morpheus is extremely invasive: it can record audio and video, silently pair a WhatsApp device, erase evidence, and deliberately weaken the security of the infected phone, among other malicious capabilities.”

The researchers did not provide details on how they isolated or identified the sample, so the exact collection and analysis process remains undisclosed.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, spyware)

Google Pixel users are reporting severe battery drain after recent Android updates, with complaints spanning multiple models and no confirmed fix yet.

The post Google’s Pixel Update Sparks ‘Severe’ Battery Drain Across Multiple Models appeared first on TechRepublic.

Four Android banking malware campaigns are targeting more than 800 apps by abusing overlays, Accessibility permissions, and sideloaded fake apps to steal PINs.

The post Over 800 Android Apps Targeted in PIN-Stealing Trojan Campaign appeared first on TechRepublic.

From the FBI breach to the DarkSword iPhone exploit, these are the biggest cyber attacks and security failures that have shaped 2026 so far.

The post 2026’s Breach List So Far: FBI Hacked, 1B Androids at Risk, 270M iPhones Vulnerable appeared first on TechRepublic.

The post Beyond the IDE: How Google’s New Android CLI Enables 3x Faster Agent-Led Development appeared first on Daily CyberSecurity.

New research from Zimperium reveals four active Android malware campaigns, RecruitRat, SaferRat, Astrinox, and Massiv, targeting over 800 banking apps globally.