​​Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications apps.1 These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app...

Apple’s Bug Bounty Program

Apple is now offering a $2M bounty for a zero-click exploit. According to the Apple website: Today we’re announcing the next major chapter for Apple Security Bounty, featuring the industry’s highest rewards, expanded research categories, and a flag system for researchers to objectively demonstrat...

Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!

Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system. Here are the top three Microsoft...

A week in security (December 18 – December 24)

Last week on Malwarebytes Labs: Comcast’s Xfinity breached by Citrix Bleed; 36 million customer’s data accessed How does ThreatDown Vulnerability Assessment and Patch Management work? How Outlook notification sounds can lead to zero-click exploits Update Chrome now! Emergency update patches...

New Zero-Click Exploits against iOS

Citizen Lab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Groups Pegasus spyware in 2022, and deployed by Mexico against human rights defenders. These vulnerabilities have all been patched. One interesting bit is that Apples Lockdown Mode part of iOS 16...

NSO Group Used 3 Zero-Click iPhone Exploits Against Human Rights Defenders

Israeli spyware maker NSO Group deployed at least three novel "zero-click" exploits against iPhones in 2022 to infiltrate defenses erected by Apple and deploy Pegasus, according to the latest findings from Citizen Lab. "NSO Group customers widely deployed at least three iOS 15 and iOS 16 zero-cli...

Samsung adds Message Guard protection against zero-click exploits

Samsung has announced the introduction of Message Guard for the Samsung Galaxy S23 series. It will be gradually rolled out to other Galaxy smartphones and tablets later this year. Message Guard works on images received in messages by the apps "Samsung Messages" and "Messages by Google" and...

Apple Warns of 3 New Vulnerabilities Affecting iPhone, iPad, and Mac Devices

Apple has revised the security advisories it released last month to include three new vulnerabilities impacting iOS, iPadOS, and macOS. The first flaw is a race condition in the Crash Reporter component CVE-2023-23520 that could enable a malicious actor to read arbitrary files as root. The iPhone...

Microsoft Details Gatekeeper Bypass Vulnerability in Apple macOS Systems

Microsoft has disclosed details of a now-patched security flaw in Apple macOS that could be exploited by an attacker to get around security protections imposed to prevent the execution of malicious applications. The shortcoming, dubbed Achilles CVE-2022-42821, CVSS score: 5.5, was addressed by th...

Pegasus Spyware Used to Hack Devices of Pro-Democracy Activists in Thailand — The Hacker News

Thai activists involved in the country's pro-democracy protests have had their smartphones infected with NSO Group's infamous Pegasus government-sponsored spyware. At least 30 individuals, spanning activists, academics, lawyers, and NGO workers, are believed to have been targeted between October...

E.U. Officials Reportedly Targeted with Israeli Pegasus Spyware

Senior officials in the European Union were allegedly targeted with NSO Group's infamous Pegasus surveillance tool, according to a new report from Reuters. At least five individuals, including European Justice Commissioner Didier Reynders, are said to have been singled out in total, the news agen...

Zooming in on Zero-click Exploits

Posted by Natalie Silvanovich, Project Zero Zoom is a video conferencing platform that has gained popularity throughout the pandemic. Unlike other video conferencing systems that I have investigated, where one user initiates a call that other users must immediately accept or reject, Zoom calls ar...

Pegasus Spyware Reportedly Hacked iPhones of U.S. State Department and Diplomats

Apple reportedly notified several U.S. Embassy and State Department employees that their iPhones may have been targeted by an unknown assailant using state-sponsored spyware created by the controversial Israeli company NSO Group, according to multiple reports from Reuters and The Washington Post...