🚨 New GhostPairing Attacks allow full WhatsApp access via phone number
Source: https://t.co/0YbVPSnY5K
A newly discovered account takeover campaign targeting WhatsApp users demonstrates how attackers can compromise messaging accounts without stealing passwords or exploiting technical vulnerabilities.
The attack begins when victims receive messages from known contacts, typically suggesting they have found a photo. The message includes a link designed to appear as a Facebook content viewer.
When users click the link, they encounter a fake Facebook-themed page requesting verification before accessing content.
#cybersecuritynews
We are still here! Always here! Incinerator has been updated and many functionalities have been improved. We have added a changelog to Incinerator Cloud, so you can better view the updates in each version.
We have integrated a dynamic sandbox with our reverse engineering tools, creating a new form of reverse engineering tool. This makes APK reverse engineering and C2 location much more convenient! This is our new version of Incinerator!
📢 #bugbountytip
🛡️ If you can't see HTTP requests on Burp Suite while proxying a mobile device, the app might be built on Dart or Xamarin. Don't worry! Check out this handy trick to reveal all HTTP requests on Burp. Easy peasy bugs lying around. 😃
https://t.co/t6H65PCfAQ
We've discovered a new cyberattack against iOS called Triangulation.
The attack starts with iMessage with a malicious attachment, which, using a number of vulnerabilities in iOS installs spyware. No user action is required.
#IOSTriangulation
We discovered #Fleckpe - a new family of Android Trojan subscribers on Google Play, which sign up for paid services without the user’s knowledge. The Trojan targets mostly users from Thailand 🇹🇭. Fleckpe is active since at least the beginning of 2022 and is constantly developing with new features being added. For now, the discovered malicious apps have been removed from Google Play. More details coming soon :)
A WAF (Web Application Firewall) is used to protect your websites (& web-apps) but the Alibaba Cloud WAF command injection was bypassed via a wildcard query:
https://t.co/QTUM4E0bpd
#Telegram becoming a hub for #cybercrime! Researchers find threat actors using the platform to sell #phishing kits and set up campaigns.
Over 2.5 million malicious URLs generated using phishing kits on Telegram in the past 6 months!
Learn more: https://t.co/rfvvKiSVbt
#hacking