
Google Play Scam Apps Hit 7.3M Downloads with Fake Call Logs

ESET found 28 CallPhantom scam apps on Google Play that promised fake call logs and had reached more than 7.3 million downloads before being removed.

The post Google Play Scam Apps Hit 7.3M Downloads with Fake Call Logs appeared first on TechRepublic.

Critical Android vulnerability CVE-2026-0073 fixed by Google

Google patched a critical Android flaw (CVE-2026-0073) that lets attackers run code remotely without user action.

Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE-2026-0073, in the System component. The bug allowed attackers to run code as the shell user without needing additional execution privileges or any user interaction.

The patch prevents potential full device compromise from remote exploitation.

“The vulnerability in this section could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation,” reads the advisory.

The flaw impacts ‘adbd’ (Android Debug Bridge daemon), the background process on an Android device that enables communication with a computer through the Android Debug Bridge (ADB) tool.

Google is not aware of any public exploits for this issue or of attacks in the wild exploiting CVE-2026-0073.

In March, Google confirmed that another vulnerability, tracked as CVE-2026-21385 (CVSS score of 7.8), in an open-source Qualcomm component had been actively exploited.

The flaw is a buffer over-read in the Graphics component that could allow attackers to access sensitive memory data, underscoring ongoing risks to Android users.

The company did not disclose technical details about the attacks exploiting this vulnerability.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Google)

Microsoft Teams on Android Now Lets Users Join External Meetings Through SIP

Microsoft is set to bridge the gap in enterprise unified communications with a highly anticipated update to its conference room hardware. Starting in June 2026, Microsoft Teams Rooms on Android will officially support joining third-party external meetings through Session Initiation Protocol (SIP). This strategic development aims to deliver seamless cross-platform interoperability for organizations relying on […]

The post Microsoft Teams on Android Now Lets Users Join External Meetings Through SIP appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Critical Android Zero-Click Vulnerability Grants Remote Shell Access

Google has published the May 2026 Android Security Bulletin, alerting the ecosystem to a highly severe remote code execution (RCE) flaw.

Tracked as CVE-2026-0073, this critical vulnerability resides deep within the core Android System component.

It allows an attacker to gain remote shell access without requiring a single tap, download, or click from the device owner.

Threat actors can launch this zero-click attack proximally, meaning they only need to be on the same local network or in physical proximity to exploit a vulnerable mobile device.

Android Zero-Click Vulnerability

The root of CVE-2026-0073 lies within the adbd subcomponent, which stands for the Android Debug Bridge daemon.

Developers traditionally utilize this system service to communicate with a device, run terminal commands, and modify system behavior.

Because the flaw grants remote code execution as a “shell” user, attackers can bypass normal application sandboxes.

They do not need any special execution privileges or user interaction to deploy their malicious payloads successfully.

Imagine the adbd service as a restricted maintenance door on a secure corporate building.

This vulnerability acts like a master key that works over a wireless connection, allowing an intruder to quietly unlock the door and issue commands to the building’s internal systems without the security guard ever noticing.

This frictionless level of access makes the vulnerability highly dangerous and incredibly attractive to advanced threat actors.

Because the adbd service is a Project Mainline component distributed via Google Play system updates, the flaw affects multiple recent generations of the operating system.

Android 14, Android 15, Android 16, and Android 16-QPR2 devices are currently at risk.

Google has resolved this critical issue in the May 1, 2026, security patch level, as detailed in the Android Security Bulletin May 2026.

All Android hardware partners were notified of this vulnerability at least a month in advance to help them prepare over-the-air firmware updates.

Corresponding source code patches are also being pushed to the Android Open Source Project (AOSP) repository to ensure ongoing platform stability for the wider ecosystem.

Device owners must prioritize installing the latest security updates immediately to block potential exploitation.

To confirm that a device is protected, navigate to system settings and verify that the security patch level is May 1, 2026, or later.

Users should also manually check for pending Google Play system updates, as some devices running Android 10 or later may receive targeted component patches via this alternative channel.


The post Critical Android Zero-Click Vulnerability Grants Remote Shell Access appeared first on Cyber Security News.

Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers

New research has uncovered a Mirai-derived botnet called xlabs_v1 that turns Android devices with exposed Android Debug Bridge (ADB) into a distributed attack platform for knocking Minecraft servers and other game hosts offline. By abusing TCP port 5555 on poorly secured Android-based hardware, the operators are quietly building a rentable DDoS-for-hire service aimed at the gaming ecosystem. […]

The post Botnet Hijacks ADB-Exposed Android Devices to Target Minecraft Servers appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

3 easy-to-miss cybersecurity risks for small businesses

There’s a lot to security that isn’t necessarily “cyber.” It’s not all hackers or complex network attacks.

Alongside traditional cyberattacks that deploy malware or exploit known software vulnerabilities, there are also less technical—yet equally devastating—forms of theft.

This doesn’t mean that well-known cybersecurity best practices don’t apply. Every small business owner should still use unique passwords for every account, turn on multi-factor authentication, keep their software and operating systems updated, and run always-on cybersecurity software.

But for the everyday small business owner juggling dozens of accounts, networks, devices, and the reams of data being created, stored, and shared across text messages, emails, and online portals, this advice is for you.

For National Small Business Week in the US, here are three ways to protect your business that require little technical prowess.

Don’t use your Social Security Number as your tax ID

In the US, the Internal Revenue Service (IRS) allows small business owners to use their personal Social Security Number (SSN) as the Federal Tax ID. It’s a small grace meant to simplify annual record-keeping for sole proprietors and owner-employees, but for cybercriminals, it’s a basic oversight they’d like every small business to make.

Using your Social Security Number as your Federal Tax ID means putting your Social Security Number in an ever-increasing number of hands. That’s because small business taxes are different from taxes for everyday salaried employees.

Whenever a small business takes on a new client or a contractor who pays for services costing at least $600, that small business has to share and receive what is called a W-9 form. This exact form isn’t filed with the IRS, but it is used to track payments for later filings.

What’s more important, though, is that this form asks for an owner’s name, address, and tax ID number.

This means that as a small business grows, its vulnerability to identity theft increases in tandem. Every W-9 filed that uses an owner’s SSN as their tax ID number is another opportunity for that SSN to be stolen. After just one year of operation, a small business owner’s SSN could end up in the inboxes, filing cabinets, and cloud drives of a dozen different people and companies.

This is exactly what cybercriminals want.

Equipped with a W-9 form about your business, a cybercriminal could impersonate you or your business. They could open a business credit line, file fraudulent returns that claim your small business income, or scam your clients.

How to stay safe:

Apply for a free Employer Identification Number (EIN) at IRS.gov. It’s quick to do and it separates your business tax identity from your personal tax identity. After that, put the EIN on W-9s, 1099s, and all other business paperwork instead of your SSN.

Keep your personal cloud storage personal

The most popular cloud storage for most small business owners is the cloud storage they already have—their personal Google Drive or iCloud.

Built to make memory archival as easy as possible, these tools can automatically back up and secure nearly every single moment that happens through your device, from the vacation photos you snapped last summer, to your kid’s first steps recorded on video, to the texts you sent, the notes you made, and the calendar appointments you managed.

But this type of automatic archival poses a threat to any non-personal information that you view, send, markup, or sign when using your personal smartphone. Suddenly, and often without thinking about it, your cloud storage has backups of signed contracts, tax returns, client intake forms, invoices, business financial statements, and photos of physical paperwork.

Above, we warned about using your SSN as your tax ID because it creates a risk if anyone in your business network is breached. But storing client information in your personal cloud storage creates a different problem: it puts that risk directly on you.

Compounding the threat here is the fact that many personal cloud storage accounts are shared with family members. More people accessing the same account means more exposure and more chances for mistakes, even if everyone has good intentions.

How to stay safe:

Go through the cloud backup settings on both your phone and your computer and manage what data is being synced. Move sensitive business files to a dedicated business storage account with proper access controls, sharing permissions, and audit logs—something that can tell you who opened a file and when.

If anything business-related has to live in a personal cloud account, give that account a strong, unique password, turn on multi-factor authentication, and don’t share access with anyone who isn’t you.

Protect device and account access in the home

Devices have a funny way of moving around. Your smartphone goes into your spouse’s hands as they override your music choices in the car. Your tablet ends most nights in your kid’s bedroom as they watch TV. And your laptop gets tugged around from couch to counter to kitchen table—each time fully opened and logged in, a portal to the web.

You trust everyone in your home to act safely online, but the path to online safety is full of mistakes.

A single errant click on a fake ad, a malicious search result, or a disguised download is all it takes to compromise your device today, along with all your small business records.

Aside from the threat of malware, someone using your device could make purchases, accidentally delete files, and overwrite important documents.

Remember, an “insider threat” doesn’t need to be malicious to cause damage—they just need to be inside your network (which, in this case, is your home).

How to stay safe:

Treat the devices you use for work as work devices. That means requiring a passcode or password to unlock the device, along with multi-factor authentication for important business accounts.

Also, to ensure that any wrong click doesn’t lead to a malicious PDF download or a wayward malware installation, use always-on antimalware protection software, like Malwarebytes for Teams.

Secure your success

It’s easy to get overwhelmed with modern cybersecurity advice. Every week there are new vulnerabilities to patch, emerging scams to avoid, and novel viruses and pieces of malware that can seemingly take over your device, your data, and your business.

Thankfully, there are important steps you can take today that don’t require you to fiddle with internal settings or take a class on network engineering. Some of the most effective protections are simple: Limit how widely you share sensitive information, keep business and personal data separate, and control who can access your devices.

For everything else, try Malwarebytes for Teams to receive 24/7, always-on antimalware protection to shut out viruses, block malware attacks, and keep hackers out of your business.

New Android Spyware Platform Enables Rebranding and Resale

A newly discovered Android spyware platform is raising concerns among cybersecurity researchers by introducing a business model that allows buyers to rebrand and resell surveillance malware as their own product. Buyers can subscribe to the service, customize branding, and launch their own spyware operation with minimal effort. KidsProtect presents itself as a parental monitoring app, […]

The post New Android Spyware Platform Enables Rebranding and Resale appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

New Android spyware Morpheus linked to Italian surveillance firm

Osservatorio Nessuno uncovered Morpheus spyware spreading via fake Android apps to steal data, highlighting rising covert surveillance tools.

The non-partisan, non-religious, nonprofit organization Osservatorio Nessuno exposed a new spyware called Morpheus, distributed through fake Android apps posing as updates. Once installed, it can steal extensive data from the infected devices. The report shows strong demand from law enforcement and intelligence agencies, fueling a growing market of spyware vendors, many operating quietly outside public scrutiny.

Attackers used a typical low-cost spyware tactic: disrupt a service and trick the victim into installing a fake app to restore it. In this case, targets received an SMS linking to a site impersonating an ISP. The first stage, a dropper app, installs a hidden second-stage payload embedded within it. It checks if the payload is already present, then silently deploys it with minimal user awareness.

The second stage disguises itself as legitimate system components, using fake icons and names to appear trustworthy. It forces users to grant dangerous permissions, including Accessibility access, which allows it to read screens, interact with apps, and capture sensitive data.

“After granting Accessibility permissions, the spyware starts a Permission Workflow that creates an overlay with a fake update process and a fake reboot screen. In background, the workflow performs all the steps to grant all the needed permissions. This includes enabling Developer Options, turning on Wireless Debugging, and locally pairing to the ADB daemon.” reads the report published by the Osservatorio Nessuno. “Conveniently, during the fake update the app disables the touchscreen by setting FLAG_NOT_TOUCHABLE on the whole full-screen overlay, leaving the user partially unable to respond to the infection.”

The malware also gains persistence by restarting after reboot and can request device admin privileges, making removal difficult. Overall, it enables long-term, covert surveillance of the infected device.

The spyware abuses overlay windows and Accessibility features to take control of the device and bypass protections. Using the powerful SYSTEM_ALERT_WINDOW permission, it displays fake screens, such as updates or reboots, while secretly granting itself permissions in the background, even disabling touch input to limit user control. It can trick victims into approving actions like linking a WhatsApp account by showing a fake biometric prompt.

It also enables Wireless Debugging and connects to ADB to gain elevated privileges, silently granting itself sensitive permissions, disabling security protections like camera/mic indicators and Play Protect, and turning off antivirus tools.

“In the third phase the spyware disables a number of known Antivirus software, including Google’s own SafetyCore, Bitdefender, Sophos, Avast, AVG, Malwarebytes, along with a handful of smaller “cleaner/antivirus” apps popular on low end devices.” continues the report. “None of these requires root, and persists across reboots since the Android security model treats user’s installed anti-malware software like ordinary apps.”

Finally, it adjusts system settings across different Android versions to ensure persistence, avoid detection, and maintain full access to the device.

The analysis of the source code suggests an Italian origin for the spyware, based on language clues and references like “aprafoco” and “Gomorra.” The malware supports multiple languages and Android devices, showing broader targeting. Its infrastructure uses encrypted configs, Italian-hosted servers, and domains linked to small ISPs and obscure entities with generic details.

The researchers found ties between hosting providers, fake or opaque companies, and shared contacts. The phishing domain is registered to a small Italian firm with minimal activity and links to other questionable businesses. Overlapping financial and corporate connections suggest a network of related entities potentially supporting the spyware operation while masking its true ownership.

Osservatorio Nessuno concluded that the spyware is linked to IPS Intelligence, an Italian firm active for over 30 years in lawful interception technologies used by governments to monitor communications through telecom and internet providers.

“While IPS Intelligence is a well‑known commercial surveillance provider, this is, to our knowledge, the first report linking them to the distribution and operation of spyware.” concludes the report. “Morpheus is extremely invasive: it can record audio and video, silently pair a WhatsApp device, erase evidence, and deliberately weaken the security of the infected phone, among other malicious capabilities.”

The researchers did not provide details on how they isolated or identified the sample, so the exact collection and analysis process remains undisclosed.


Pierluigi Paganini

(SecurityAffairs – hacking, spyware)
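Two of the items above suggest concrete device checks: the CVE-2026-0073 advisory says to verify a security patch level of May 1, 2026 or later, and the Morpheus report says the spyware switches on Developer Options and Wireless Debugging and pairs with the ADB daemon. The script below is an added example, not code from any of the posts or from the researchers; it assumes the input is the text of `adb shell getprop ro.build.version.security_patch` and of `adb shell settings list global` / `adb shell settings list secure`, and the sample dump and the package name in it are constructed.

```shell
#!/bin/sh
# Added example, not code from any post above. Triages two conditions the posts
# describe: a security patch level older than 2026-05-01 (the level that fixes
# CVE-2026-0073 in adbd), and the Developer Options / Wireless Debugging /
# accessibility-service state that the Morpheus report says the spyware switches on.
# Inputs are the text of `adb shell getprop ro.build.version.security_patch` and of
# `adb shell settings list global` + `adb shell settings list secure` (key=value lines),
# so the functions work on a live device or on a saved dump.

REQUIRED_PATCH=20260501   # 2026-05-01 as a comparable integer

# patch_status YYYY-MM-DD -> prints patched | unpatched | unknown
patch_status() {
  case "$1" in
    [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
    *) echo unknown; return 0 ;;
  esac
  n=$(printf '%s' "$1" | sed 's/-//g')          # 2026-04-01 -> 20260401
  if [ "$n" -lt "$REQUIRED_PATCH" ]; then echo unpatched; else echo patched; fi
}

# exposure_findings < settings-dump -> one line per risky setting found
exposure_findings() {
  while IFS='=' read -r key value; do
    value=$(printf '%s' "$value" | tr -d '\r')  # adb output may carry CRLF
    case "$key" in
      development_settings_enabled)
        if [ "$value" = 1 ]; then echo "developer options enabled"; fi ;;
      adb_enabled)
        if [ "$value" = 1 ]; then echo "USB debugging enabled"; fi ;;
      adb_wifi_enabled)
        if [ "$value" = 1 ]; then echo "wireless debugging enabled"; fi ;;
      enabled_accessibility_services)
        if [ -n "$value" ] && [ "$value" != null ]; then
          echo "accessibility service(s) active: $value"
        fi ;;
    esac
  done
  return 0
}

# count_findings < settings-dump -> number of findings (0 means nothing flagged)
count_findings() { exposure_findings | grep -c . || true; }

# Constructed sample dump in `settings list` format (global + secure concatenated);
# the accessibility package name is invented for illustration.
SAMPLE_DUMP='airplane_mode_on=0
development_settings_enabled=1
adb_enabled=0
adb_wifi_enabled=1
wifi_on=1
enabled_accessibility_services=com.example.fakeupdate/.UpdateAccessibilityService'

if [ "${1:-}" = demo ]; then
  echo "patch level 2026-04-01 -> $(patch_status 2026-04-01)"
  printf '%s\n' "$SAMPLE_DUMP" | exposure_findings
  echo "findings: $(printf '%s\n' "$SAMPLE_DUMP" | count_findings)"
fi
```

Against a live device, pipe `adb shell settings list global; adb shell settings list secure` into `exposure_findings` and pass `adb shell getprop ro.build.version.security_patch` to `patch_status`; a non-empty finding list on a device whose owner never enabled debugging is worth investigating.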

Friday Squid Blogging: How Squid Survived Extinction Events

Science news:

Scientists have finally cracked a long-standing mystery about squid and cuttlefish evolution by analyzing newly sequenced genomes alongside global datasets. The research reveals that these bizarre, intelligent creatures likely originated deep in the ocean over 100 million years ago, surviving mass extinction events by retreating into oxygen-rich deep-sea refuges. For millions of years, their evolution barely changed—until a dramatic post-extinction boom sparked rapid diversification as they moved into new shallow-water habitats.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

