🚨 A new phishing campaign is slipping past email defenses! Corrupted ZIP files and Office documents bypass antivirus and spam filters, landing directly in your inbox.

🚩 Why care? These cleverly crafted files could lead you straight to fake login pages or malware-laden sites. One wrong click could cost your data—or worse.

Read the full breakdown: https://thehackernews.com/2024/12/hackers-use-corrupted-zips-and-office.html

🚨 Alert: A critical vulnerability (CVE-2024-10905) in SailPoint's IdentityIQ software exposes sensitive content.

CVSS score? A whopping 10.0—maximum severity.

Affected versions span from 8.2 to 8.4 and earlier, putting countless systems at risk. Static files that should be locked down are now vulnerable to unauthorized access.

Learn more: https://thehackernews.com/2024/12/critical-sailpoint-identityiq.html

🛡️ Veeam users, take note! A critical flaw in the Service Provider Console (CVE-2024-42448) could allow remote code execution (RCE).

CVSS score: 9.9/10—this is as serious as it gets.

🔗 Don't wait, secure your systems today — https://thehackernews.com/2024/12/veeam-issues-patch-for-critical-rce.html

Cybersecurity agencies have issued a coordinated advisory along with an urgent checklist to combat the Salt Typhoon threat—a nation-state group linked to China that has been infiltrating U.S. telecom networks to steal sensitive data.

Dive into the full story: https://thehackernews.com/2024/12/joint-advisory-warns-of-prc-backed.html

A software supply chain attack targeted Solana's popular Solana's web3.js npm library (400,000+ weekly downloads). Malicious versions (1.95.6 and 1.95.7) were designed to steal users' private keys and drain cryptocurrency wallets.

The backdoor was cleverly hidden in the “addToQueue” function, seamlessly blending into legitimate code.

Learn more here 👉 https://thehackernews.com/2024/12/researchers-uncover-backdoor-in-solanas.html

Europol has dismantled MATRIX, an invite-only encrypted messaging service used by criminals, intercepting 2.3 million messages tied to drug trafficking, arms deals, and money laundering.

Read the full story: https://thehackernews.com/2024/12/europol-dismantles-criminal-messaging.html

Russia-linked APT group Turla has been hijacking the infrastructure of a Pakistani hacking group to spy on Afghan and Indian government targets by deploying custom #malware, TwoDash and Statuezy.

Learn more: https://thehackernews.com/2024/12/russia-linked-turla-exploits-pakistani.html

Dixon Technologies partners with Compal to Manufacture Google Pixels at its Noida Plant in India

Homegrown electronics contract manufacturer Dixon Technologies announced a pact with Taiwanese original design maker Compal Electronics to produce Google Pixel smartphones in India.

Dixon’s wholly owned subsidiary Padget Electronics will be making the high-end smartphones at its manufacturing facility in Noida. Foxconn subsidiary Wow Tech currently makes these phones at its Chennai unit and now Dixon will become the second contract manufacturer to make Pixels in India.

With Pixel phones in its bouquet, Dixon is now the contract manufacturer to almost every major smartphone brand in India, except Apple. The company will be making around 100,000 (1 Lakh) Pixel phones every month, of which 25-30% will be exported to countries like Singapore, Malaysia etc.

Unlike Compal in Vietnam, Dixon is quite strict in terms of leaks.

Follow @TechLeaksZone

Department of "Cybersecurity" and "High-Tech Crime Prevention" Ministry in Vietnam Blocked GSMArena Website Thinking it as a "Gambling Site". It's an ISP block and all major carriers in the Vietnam have blocked the access of GSMArena in Vietnam

Follow @TechLeaksZone

Google announced at I/O that Health Connect on Android would let apps sync more than 30 days worth of data (historical reads) as well as read data in the background (background reads).

Both of these features are already live in the version of Health Connect that ships with Android 15 as well as Android 14 devices with SDK Extension version 13.

However, apps need to be updated to take advantage of these features. Version 1.1.0-alpha09 of the Health Connect Jetpack library added support for the background reads feature, while -alpha10 added support for the historical reads feature.

Once apps add support (likely will start happening after v1.1.0 exits alpha), then you'll be able to manage their access to historical/background data through the Health Connect app, as shown above.

The Linux Terminal app in Android 15 QPR2 is fairly barebones in terms of what it can let you do right now, but a lot of improvements are in the works, including:

* Hardware acceleration support. If the file /sdcard/linux/virglrenderer exists on the device, VirGL for the VM will be enabled. This requires enabling ANGLE for the Terminal app.

* Graphical environment support. By installing Wayland compositor and VNC backend, you can enable a graphical environment.

(Note: I tried this already, but it didn't work - likely need to wait for a future update.)

* A backup option to preserve your Linux VM install. (A restore option is still in the works.)

* Forced portrait mode if there's no hardware keyboard attached.

* NDK APIs for AVF.

* Removal of the VMLauncher app and full integration into the Terminal app. (vm_launcher_lib is being integrated into Terminal.)

* Google's compiled Debian images will soon be downloaded from Google's download servers rather than GitHub. eg. here's a static link to the latest AArch64 images.

Google has announced that it's hardening Play Integrity API verdicts so they're less spoofable but also faster and more privacy-friendly.

- Improved device integrity verdicts on Android 13+ will require the use of hardware-backed security signals using Android Platform Key Attestation, making them much harder to bypass. Google will adjust verdicts when it detects "security threats across Android SDK versions, such as when there is evidence of excessive activity or key compromise."

- The Play Integrity API will now have the "same level of reliability and support across all Android form factors."

- Because these new verdicts reduce the number of device signals that need to be collected and evaluated, Google says verdict latency can improve by up to 80%.

Developers can opt in to use these new verdicts today or wait until May 2025 which is when all API integrations will automatically transition.

In addition:

- The "meets-strong-integrity" response is being updated to require a security patch level within the last year on devices running Android 13+.

- A new device attributes field lets apps adjust their behavior based on the user's Android SDK version.

- All optional verdict signals are being standardized across apps, games, SDKs, and more.

📱Huawei's Harmony OS Next doesn't natively support Android apps, but that hasn't stopped some people

A new tool called 'EasyAbroad' lets you run various Android apps like YouTube, Gmail, and more in a container. It seems to work surprisingly well!

The EU Commission is apparently planning a major expansion of surveillance measures for digital devices. Even household appliances are affected.

WhatsApp , telephones, voice assistants from Google or Apple and even smart refrigerators in homes should be able to be monitored in the future, if the EU Commission has its way. This is the result of a confidential proposal paper that a group of experts has drawn up on behalf of the EU Commission.

The 28-page paper proposes 42 points for more stringent surveillance. Work is already underway on the possible implementation of these plans.

Soft disclosures of things they are already doing. This also lines up "nicely" with Digital IDs.

Problem | Reaction | "Solution"

ARTICLE