The zero-click RCE bug found in Android’s System component allows attackers to gain arbitrary code execution without user interaction. The bug (CVE-2023-40088) is found in Android’s System component and can be exploited without additional privileges.

Phishing attackers are increasingly using PDF documents to conduct successful campaigns by exploiting the trustworthiness of the file format and leveraging social engineering tactics.

TrickMo replaces screen recording with collecting Accessibility event logs to gather data from running applications, requiring victims to grant Accessibility Service access.

ArmorCode aims to surface vulnerabilities in enterprise software and infrastructure through role-specific dashboards, providing threat intelligence tools and training for security teams.

The OpenZFS development team has released two new versions of the open-source cross-platform filesystem. Version 2.2.2 fixes a bug that caused data corruption in file copies and affected FreeBSD 14 and various Linux distros.

The International Committee of the Red Cross (ICRC) has released a set of rules for civilian hackers involved in cyber conflicts. The rules aim to clarify the line between civilians and combatants in cyberspace during times of war.

The attacks involve the use of weaponized documents with malicious macros that create a reverse shell, allowing the attackers to gain control over the compromised systems.

The ongoing attack spree by the BlackCat ransomware group extends beyond Vietnam Electricity, with social media platforms like Roblox and Twitch potentially being targeted next.

The exposed API tokens had write permissions, allowing attackers to modify files in account repositories and potentially manipulate existing models, posing a significant threat to organizations and their applications.

The European Space Agency is developing a Space Cybersecurity Operations Centre (C-SOC) to detect and respond to emerging cyberattacks on space system infrastructures and the space industry.