ReversingLabs’ 2025 Software Supply Chain Security Report finds that security flaws in commercial and open source code are epidemic as hackers target supply chains including those for cryptocurrency and AI in a play for access to sensitive data and IT assets.
An Israeli firm has exploited a flaw in the popular messaging mobile app WhatsApp to plant spyware on iPhones and Android. One phone call is all it takes for software developed by the Israeli firm NSO Group to install itself on a vulnerable iPhone or Android device, according to a published report in the FT Times. The publication broke the news, saying it potentially affects 1.5 billion users of the Facebook-owned WhatsApp messaging application, on Monday. WhatsApp quickly issued a fix for the exploit, described in an alert on the Facebook website as “a buffer overflow vulnerability in WhatsApp VOIP stack” that allows for “remote code execution via specially crafted series of SRTCP packets sent to a target phone number.” “WhatsApp encourages people to upgrade to the latest version of our app, as well as keep their mobile operating system up to date, to protect against potential targeted exploits designed […]
A group with links to the government of China was using hacking tools developed by the NSA even before they are believed to have been stolen, a new report contends.
Researchers at the firm FireEye warn that TRITON, a type of malware that targets industrial control safety systems, has resurfaced at a facility in the Middle East.
The compromise of device maker Asus Live Update Utility is just the latest evidence that sophisticated attackers have software supply chains in the crosshairs.
