The price of zero-day exploits, which are hacking tools that exploit unknown vulnerabilities in software, has skyrocketed in recent years as companies like Apple, Google, and Microsoft make it harder to hack their devices and apps. Crowdfense, a startup, is now offering millions of dollars for zero-days to break into iPhones, Android phones, Chrome, Safari, WhatsApp, and iMessage. This increase in prices reflects the growing difficulty in exploiting vulnerabilities, with experts noting that it now requires a team of researchers. The use of zero-days in law enforcement operations and alleged targeting of human rights dissidents and journalists has raised concerns, leading some companies to pledge to respect export controls to limit potential abuses from their customers.
Leaked documents from a Chinese security contractor, I-Soon, reveal extensive hacking activities and tools used by Chinese authorities to spy on both Chinese citizens and foreigners, including ethnic minorities and dissidents. The leaked files detail methods for surveilling dissidents overseas, hacking networks across Asia, and promoting pro-Beijing narratives on social media. The documents also indicate ties to the Ministry of Public Security and China's military, with targets including governments, telecommunications firms, and online gambling companies. Western governments have taken steps to block Chinese state surveillance and harassment of government critics overseas, while Chinese officials have accused the United States of similar activities.
Security expert Adrian Kingsley-Hughes warns about seven seemingly harmless tech gadgets that can be used as powerful hacking tools, including the Flipper Zero, O.MG cables, USBKill, USB Nugget, Wi-Fi Pineapple, USB Rubber Ducky, and LAN Turtle. These devices can execute various malicious actions such as controlling gadgets, stealing data, and gaining network access, while appearing innocuous. Kingsley-Hughes emphasizes the importance of being cautious about what is plugged into electronic devices to prevent potential security breaches.
Western intelligence and cybersecurity agencies, including the Five Eyes alliance, have published a report detailing a collection of hacking tools used by Russia's military intelligence service, the GRU, to target Android devices operated by the Ukrainian Armed Forces. The malware, known as "Infamous Chisel," allows the GRU to gain unauthorized access to compromised devices, scan files, monitor traffic, and steal sensitive information. The report highlights the lack of defense evasion or concealment techniques in the malware but warns that it still poses a serious threat due to the information it can collect.
