Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox's Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox's Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.
Last week Google’s Threat Analysis Group (TAG), in partnership with The Citizen Lab, discovered an in-the-wild 0-day exploit chain for iPhones. Developed by the commercial surveillance vendor, Intellexa, this exploit chain is used to install its Predator spyware surreptitiously onto a device.
In response, yesterday, Apple patched the bugs in iOS 16.7 and iOS 17.0.1 as CVE-2023-41991, CVE-2023-41992, CVE-2023-41993. This quick patching from Apple helps to better protect users and we encourage all iOS users to install them as soon as possible.
A recent Chinese-linked hack of U.S. government emails detected in June may have gone unnoticed for much longer were it not for an enterprising government IT analyst.
A State Department cybersecurity expert spearheaded an effort to implant a custom warning mechanism into the agency’s network more than two years ago in anticipation of future hacks, top State Department officials told POLITICO, shedding new light on how they spotted the breach.
The three zero-day flaws addressed by Apple on September 21, 2023, were leveraged as part of an iPhone exploit chain in an attempt to deliver a spyware strain called Predator targeting former Egyptian member of parliament Ahmed Eltantawy between May and September 2023.
"The targeting took place after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections," the Citizen Lab said, attributing the attack with high confidence to the Egyptian government owing to it being a known customer of the commercial spying tool.
Apple released emergency security updates to patch three new zero-day vulnerabilities exploited in attacks targeting iPhone and Mac users, for a total of 16 zero-days patched this year.
The International Criminal Court (ICC) disclosed a cyberattack this week; its systems were compromised last week.
NoEscape promises 'colossal wave of problems' if IJC doesn't pay up
The International Joint Commission, a body that manages water rights along the US-Canada border, has confirmed its IT security was targeted, after a ransomware gang claimed it stole 80GB of data from the organization.
GitLab rolled out security patches to address a critical flaw (CVE-2023-5009) that can be exploited to run pipelines as another user.
I recently found an integer overflow in the Linux kernel, which leads to the kernel allocating skb_shared_info in the userspace, which is exploitable in systems without SMAP protection since skb_shared_info contains references to function pointers.
A phony proof-of-concept (PoC) code for CVE-2023-40477 delivered a payload of VenomRAT. We detail our findings, including an analysis of the malicious code.
Wiz Research found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token.
Bethesda's roadmap for the fiscal years starting in 2020 and ending in 2024 has made its way online as part of the documents leaked from the FTC v. Microsoft case.
A software repository on GitHub dedicated to supplying open-source code and AI models for image recognition was left open to manipulation by bad actors thanks to an insecure URL.
Netskope Threat Labs is tracking a campaign that uses malicious Python scripts to steal Facebook users’ credentials and browser data. This campaign targets Facebook business accounts with bogus Facebook messages with a malicious file attached. The attacks are reaching victims mainly in Southern Europe and North America across different segments, led by the manufacturing services and technology sectors.