CVE-2026-0073 affects Android’s System component and it can be exploited without any user interaction. 

The post Critical Remote Code Execution Vulnerability Patched in Android appeared first on SecurityWeek.

The FCC has expanded its foreign-made router ban to also cover consumer Wi-Fi hotspots and LTE/5G home-internet devices, though existing products and phones with hotspot features are not affected. PCMag reports: On Wednesday, the FCC updated its FAQ on the ban, clarifying which consumer-grade routers are subject to the restrictions. Portable Wi-Fi hotspots are usually considered a separate category from Wi-Fi home routers. Both offer internet access, but portable Wi-Fi hotspots use a SIM card to connect to a cellular network rather than an Ethernet cable inside a residence. However, the FCC's FAQ now specifies that "consumer-grade portable or mobile MiFi Wi-Fi or hotspot devices for residential use" are covered under the ban. The ban also affects "LTE/5G CPE devices for residential use," which are installed for fixed wireless access and use a carrier's cellular network to deliver home internet. The FCC didn't immediately respond to a request for comment about the changes. In the meantime, the FAQ reiterates that the foreign-made router ban only applies to consumer-grade devices, not enterprise products. The document also notes that mobile phones with hotspot features remain outside the restrictions. In addition, the ban only affects new router models that vendors plan to sell, not existing models, as T-Mobile emphasized to PCMag.

Read more of this story at Slashdot.

Masquerading as popular cryptocurrency wallets, the apps can hijack recovery phrases and private keys.

The post Dozens of Malicious Crypto Apps Land in Apple App Store appeared first on SecurityWeek.

Offered as a MaaS to a small number of affiliates, mainly Russian speakers, the RAT can turn devices into residential proxy nodes.

The post Mirax RAT Targeting Android Users in Europe appeared first on SecurityWeek.

The parser is meant to mitigate the entire class of memory safety bugs in the low-level environment.

The post Google Adds Rust DNS Parser to Pixel Phones for Better Security appeared first on SecurityWeek.

The FCC has granted (PDF) Netgear the first exemption from its foreign-made router ban, allowing the company to keep selling new consumer router models made outside the U.S. through Oct. 1, 2027. PCMag reports: The Defense Department reviewed Netgear's application for an exemption and found that its products "do not pose risks to US national security." The FCC's order doesn't elaborate on why. Netgear is based in San Jose, California, although its products are made in Asia. The exemption, known as a conditional approval, lasts until Oct. 1, 2027. It covers a large range of future Wi-Fi models from Netgear, spanning the R, RAX, RAXE, RS, MK, MR, M, and MH series, the Orbi consumer mesh, mobile, and standalone routers under the RBK, RBE, RBR, RBRE, LBR, LBK, and CBK series, as well as cable gateways and cable modems under the CAX and CM series. The exemption isn't a full green light for the future product models from Netgear. The FCC says the company still needs to go through the normal Commission-regulated equipment authorization process for each device. The Oct. 1, 2027 date effectively amounts to a deadline for Netgear to receive FCC certification for the router models; each certification is also permanent, enabling the product to be sold in the US on an ongoing basis. This also suggests that Netgear has an 18-month period to receive FCC certifications for future products.

Read more of this story at Slashdot.

The security hole affected an EngageLab SDK and it was reported by Microsoft to the vendor one year ago.

The post Microsoft Finds Vulnerability Exposing Millions of Android Crypto Wallet Users appeared first on SecurityWeek.

A critical DoS vulnerability in the Framework component of Android has also been fixed with the latest update.

The post Severe StrongBox Vulnerability Patched in Android appeared first on SecurityWeek.

Shadow AI embedded in everyday apps, combined with outdated mobile devices and zero-click exploits, is creating a new and largely unseen mobile risk.

The post Mobile Attack Surface Expands as Enterprises Lose Control appeared first on SecurityWeek.

The DarkSword exploit kit has been used by both state-sponsored hackers and commercial spyware vendors.

The post Apple Rolls Out DarkSword Exploit Protection to More Devices appeared first on SecurityWeek.

The agency has not named the problematic foreign-made applications, but TikTok and Temu come to mind.

The post FBI Warns of Data Security Risks From China-Made Mobile Apps appeared first on SecurityWeek.

The state-sponsored group’s campaign has targeted government, higher education, financial, and legal entities, as well as think tanks.

The post Russian APT Star Blizzard Adopts DarkSword iOS Exploit Kit appeared first on SecurityWeek.

Coruna contains the updated version of a kernel exploit used in Operation Triangulation three years ago.

The post Coruna iOS Exploit Kit Likely an Update to Operation Triangulation appeared first on SecurityWeek.

New submitter the_skywise shares a report from Reuters: The U.S. Federal Communications Commission said on Monday it was banning the import of all new foreign-made consumer routers, the latest crackdown on Chinese-made electronic gear over security concerns. China is estimated to control at least 60% of the U.S. market for home routers, boxes that connect computers, phones, and smart devices to the internet. The FCC order does not impact the import or use of existing models, but will ban new ones. The agency said a White House-convened review deemed imported routers pose "a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure." It said malicious actors had exploited security gaps in foreign-made routers "to attack households, disrupt networks, enable espionage, and facilitate intellectual property theft," citing their role in major hacks like Volt and Salt Typhoon. The determination includes an exemption for routers the Pentagon deems do not pose unacceptable risks.

Read more of this story at Slashdot.

Cape offers a privacy-focused mobile virtual network operator (MVNO) service for consumers, enterprises, and governments.

The post Cape Raises $100 Million for Protection Against Cellular Security Threats appeared first on SecurityWeek.

In this blog, I’m going to walk you through how to get started with airodump-ng and some of the techniques that you can use to home in on access points of interest.

The post Hunt for Weak Spots in Your Wireless Network with Airodump-ng from the Aircrack-ng Suite appeared first on Black Hills Information Security, Inc..

In the world of cybersecurity, it’s important to understand what attack surfaces exist. The best way to understand something is by first doing it. Whether you’re an aspiring penetration tester, […]

The post Wi-Fi Forge: Practice Wi-Fi Security Without Hardware  appeared first on Black Hills Information Security, Inc..

This is the first installment in a series of blogs relating to practical analysis of wireless communications: what they are, how they work, and how they can be attacked. In […]

The post Ghost in the Wireless: An introduction to Airspace Analysis with Kismet  appeared first on Black Hills Information Security, Inc..

by William Oldert // BHIS Intern BHIS had a problem.   We needed an environment for students to learn WiFi hacking safely. Our original solution used interconnected physical network gear […]

The post WifiForge – WiFi Exploitation for the Classroom appeared first on Black Hills Information Security, Inc..

tl;dr: Install Wifiphisher on Kali and run a basic attack.  This crappy little copy/paste-able operation resulted in a functional Wifiphisher virtual environment on Kali (as of January 22, 2024).   Two […]

The post How to Install and Perform Wi-Fi Attacks with Wifiphisher  appeared first on Black Hills Information Security, Inc..