In a nod to the evolving threat landscape that comes with cloud computing and AI and the growing supply chain threats, Microsoft is broadening its bug bounty program to reward researchers who uncover threats to its users that come from third-party code, like commercial and open source software,

The post Microsoft Expands its Bug Bounty Program to Include Third-Party Code appeared first on Security Boulevard.

A threat group dubbed ShadyPanda exploited traditional extension processes in browser marketplaces by uploading legitimate extensions and then quietly weaponization them with malicious updates, infecting 4.3 million Chrome and Edge users with RCE malware and spyware.

The post ShadyPanda’s Years-Long Browser Hack Infected 4.3 Million Users appeared first on Security Boulevard.

The FBI says that account takeover scams this year have resulted in 5,100-plus complaints in the U.S. and $262 million in money stolen, and Bitdefender says the combination of the growing number of ATO incidents and risky consumer behavior is creating an increasingly dangerous environment that will let such fraud expand.

The post FBI: Account Takeover Scammers Stole $262 Million this Year appeared first on Security Boulevard.

Agencies with the US and other countries have gone hard after bulletproof hosting services providers this month, including Media Land, Hypercore, and associated companies and individuals, while the FiveEyes threat intelligence alliance published BPH mitigation guidelines for ISPs, cloud providers, and network defenders.

The post U.S., International Partners Target Bulletproof Hosting Services appeared first on Security Boulevard.

An attack on the app of CRM platform-provider Gainsight led to the data of hundreds of Salesforce customers being compromised, highlighting the ongoing threats posed by third-party software in SaaS environments and illustrating how one data breach can lead to others, cybersecurity pros say.

The post Salesforce: Some Customer Data Accessed via Gainsight Breach appeared first on Security Boulevard.

CyLab-Africa researchers partner with mobile security provider for summer collaboration experience

Researchers from CyLab-Africa and the Upanzi Network recently partnered with the mobile security provider Approov to explore the security of common financial services apps used across Africa. After surveying 224 popular financial applications, the researchers found that 95 percent of these Android apps exposed secrets that can be used to reveal personal and financial data. Across these applications, approximately 272 million users have the potential to be victims of the security flaws.

The post The Security Landscape of Mobile Apps in Africa appeared first on Security Boulevard.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Runze Zhang (Georgia Institute of Technology), Mingxuan Yao (Georgia Institute of Technology), Haichuan Xu (Georgia Institute of Technology), Omar Alrawi (Georgia Institute of Technology), Jeman Park (Kyung Hee University), Brendan Saltaformaggio (Georgia Institute of Technology)

-----------

PAPER
Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse
For decades, law enforcement and commercial entities have attempted botnet takedowns with mixed success. These efforts, relying on DNS sink-holing or seizing C&C infrastructure, require months of preparation and often omit the cleanup of left-over infected machines. This allows botnet operators to push updates to the bots and re-establish their control. In this paper, we expand the goal of malware takedowns to include the covert and timely removal of frontend bots from infected devices. Specifically, this work proposes seizing the malware's built-in update mechanism to distribute crafted remediation payloads. Our research aims to enable this necessary but challenging remediation step after obtaining legal permission. We developed ECHO, an automated malware forensics pipeline that extracts payload deployment routines and generates remediation payloads to disable or remove the frontend bots on infected devices. Our study of 702 Android malware shows that 523 malware can be remediated via ECHO's takedown approach, ranging from covertly warning users about malware infection to uninstalling the malware.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Hitchhiking Vaccine: Enhancing Botnet Remediation With Remote Code Deployment Reuse appeared first on Security Boulevard.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Chang Yue (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Kai Chen (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Zhixiu Guo (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China), Jun Dai, Xiaoyan Sun (Department of Computer Science, Worcester Polytechnic Institute), Yi Yang (Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)

-----------

PAPER
What's Done Is Not What's Claimed: Detecting and Interpreting Inconsistencies in App Behaviors
The widespread use of mobile apps meets user needs but also raises security concerns. Current security analysis methods often fall short in addressing user concerns as they do not parse app behavior from the user's standpoint, leading to users not fully understanding the risks within the apps and unknowingly exposing themselves to privacy breaches. On one hand, their analysis and results are usually presented at the code level, which may not be comprehensible to users. On the other hand, they neglect to account for the users' perceptions of the app behavior. In this paper, we aim to extract user-related behaviors from apps and explain them to users in a comprehensible natural language form, enabling users to perceive the gap between their expectations and the app's actual behavior, and assess the risks within the inconsistencies independently. Through experiments, our tool InconPreter is shown to effectively extract inconsistent behaviors from apps and provide accurate and reasonable explanations. InconPreter achieves an inconsistency identification precision of 94.89% on our labeled dataset, and a risk analysis accuracy of 94.56% on widely used Android malware datasets. When applied to real-world (wild) apps, InconPreter identifies 1,664 risky inconsistent behaviors from 413 apps out of 10,878 apps crawled from Google Play, including the leakage of location, SMS, and contact information, as well as unauthorized audio recording, etc., potentially affecting millions of users. Moreover, InconPreter can detect some behaviors that are not identified by previous tools, such as unauthorized location disclosure in various scenarios (e.g. taking photos, chatting, and enabling mobile hotspots, etc.). We conduct a thorough analysis of the discovered behaviors to deepen the understanding of inconsistent behaviors, thereby helping users better manage their privacy and providing insights for privacy design in further app development.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Detecting And Interpreting Inconsistencies In App Behaviors appeared first on Security Boulevard.

-----------

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Yuqing Yang (The Ohio State University), Yue Zhang (Drexel University), Zhiqiang Lin (The Ohio State University)

-----------

PAPER
Understanding Miniapp Malware: Identification, Dissection, and Characterization
Super apps, serving as centralized platforms that manage user information and integrate third-party miniapps, have revolutionized mobile computing but also introduced significant security risks from malicious miniapps. Despite the mandatory miniapp vetting enforced to the built-in miniapp store, the threat of evolving miniapp malware persists, engaging in a continual cat-and-mouse game with platform security measures. However, compared with traditional paradigms such as mobile and web computing, there has been a lack of miniapp malware dataset available for the community to explore, hindering the generation of crucial insights and the development of robust detection techniques. In response to this, this paper addresses the scarcely explored territory of malicious miniapp analysis, dedicating over three year to identifying, dissecting, and examining the risks posed by these miniapps, resulting in the first miniapp malware dataset now available to aid future studies to enhance the security of super app ecosystems. To build the dataset, our primary focus has been on the WeChat platform, the largest super app, hosting millions of miniapps and serving a billion users. Over an extensive period, we collected over 4.5 million miniapps, identifying a subset (19, 905) as malicious through a rigorous cross-check process: 1) applying static signatures derived from real-world cases, and 2) confirming that the miniapps were delisted and removed from the market by the platform. With these identified samples, we proceed to characterize them, focusing on their lifecycle including propagation, activation, as well as payload execution. Additionally, we analyzed the collected malware samples using real-world cases to demonstrate their practical security impact. Our findings reveal that these malware frequently target user privacy, leverage social network sharing capabilities to disseminate unauthorized services, and manipulate the advertisement-based revenue model to illicitly generate profits. These actions result in significant privacy and financial harm to both users and the platform.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Understanding Miniapp Malware: Identification, Dissection, And Characterization appeared first on Security Boulevard.

-----------

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Yizhe Shi (Fudan University), Zhemin Yang (Fudan University), Kangwei Zhong (Fudan University), Guangliang Yang (Fudan University), Yifan Yang (Fudan University), Xiaohan Zhang (Fudan University), Min Yang (Fudan University)

PAPER
The Skeleton Keys: A Large Scale Analysis of Credential Leakage in Mini-apps
In recent years, the app-in-app paradigm, involving super-app and mini-app, has been becoming increasingly popular in the mobile ecosystem. Super-app platforms offer mini-app servers access to a suite of powerful and sensitive services, including payment processing and mini-app analytics. This access empowers mini-app servers to enhance their offerings with robust and practical functionalities and better serve their mini-apps. To safeguard these essential services, a credential-based authentication system has been implemented, facilitating secure access between super-app platforms and mini-app servers. However, the design and workflow of the crucial credential mechanism still remain unclear. More importantly, its security has not been comprehensively understood or explored to date. In this paper, we conduct the first systematic study of the credential system in the app-in-app paradigm and draw the security landscape of credential leakage risks. Consequently, our study shows that 21 popular super-app platforms delegate sensitive services to mini-app servers with seven types of credentials. Unfortunately, these credentials may suffer from leakage threats caused by malicious mini-app users, posing serious security threats to both super-app platforms and mini-app servers. Then, we design and implement a novel credential security verification tool, called KeyMagnet, that can effectively assess the security implications of credential leakage. To tackle unstructured and dynamically retrieved credentials in the app-in-app paradigm, KeyMagnet extracts and understands the semantics of credential-use in mini-apps and verifies their security. Last, by applying KeyMagnet on 413,775 real-world mini-apps of 6 super-app platforms, 84,491 credential leaks are detected, spanning over 54,728 mini-apps. We confirm credential leakage can cause serious security hazards, such as hijacking the accounts of all mini-app users and stealing users' sensitive data. In response, we have engaged in responsible vulnerability disclosure with the corresponding developers and are actively helping them resolve these issues. At the time of writing, 89 reported issues have been assigned with CVE IDs.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

The post NDSS 2025 – The Skeleton Keys: A Large Scale Analysis Of Credential Leakage In Mini-Apps appeared first on Security Boulevard.

Four U.S. citizens and a Ukrainian national pleaded guilty to their roles in a North Korean IT worker scam that victimized more than 135 U.S. companies and netted more than $2.2 million for the DPRK regime and is military and weapons programs.

The post 4 U.S. Citizens, Ukrainian Plead Guilty in N. Korea IT Worker Scheme appeared first on Security Boulevard.

SESSION
Session 3C: Mobile Security

-----------

-----------

Authors, Creators & Presenters: Xiangyu Guo (University of Toronto), Akshay Kawlay (University of Toronto), Eric Liu (University of Toronto), David Lie (University of Toronto)

-----------

PAPER
EvoCrawl: Exploring Web Application Code and State using Evolutionary Search
As more critical services move onto the web, it has become increasingly important to detect and address vulnerabilities in web applications. These vulnerabilities only occur under specific conditions: when 1) the vulnerable code is executed and 2) the web application is in the required state. If the application is not in the required state, then even if the vulnerable code is executed, the vulnerability may not be triggered. Previous work naively explores the application state by filling every field and triggering every JavaScript event before submitting HTML forms. However, this simplistic approach can fail to satisfy constraints between the web page elements, as well as input format constraints. To address this, we present EvoCrawl, a web crawler that uses evolutionary search to efficiently find different sequences of web interactions. EvoCrawl finds sequences that can successfully submit inputs to web applications and thus explore more code and server-side states than previous approaches. To assess the benefits of EvoCrawl we evaluate it against three state-of-the-art vulnerability scanners on ten web applications. We find that EvoCrawl achieves better code coverage due to its ability to execute code that can only be executed when the application is in a particular state. On average, EvoCrawl achieves a 59% increase in code coverage and successfully submits HTML forms 5x more frequently than the next best tool. By integrating IDOR and XSS vulnerability scanners, we used EvoCrawl to find eight zero-day IDOR and XSS vulnerabilities in WordPress, HotCRP, Kanboard, ImpressCMS, and GitLab.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – EvoCrawl: Exploring Web Application Code And State Using Evolutionary Search appeared first on Security Boulevard.

Microsoft mitigated what it called a record-breaking DDoS attack by bad actor using the Aisuru botnet, a collection of about 300,000 infected IoT devices. The size of the attack and the botnet used in it is the latest example of a DDoS environment that continues to scale in pace with the internet.

The post Microsoft Fends Off Massive DDoS Attack by Aisuru Botnet Operators appeared first on Security Boulevard.

SESSION
Session 3B: Wireless, Cellular & Satellite Security

-----------

-----------

Authors, Creators & Presenters: Philipp Mackensen (Ruhr University Bochum), Paul Staat (Max Planck Institute for Security and Privacy), Stefan Roth (Ruhr University Bochum), Aydin Sezgin (Ruhr University Bochum), Christof Paar (Max Planck Institute for Security and Privacy), Veelasha Moonsamy (Ruhr University Bochum)

-----------

PAPER

-----------

Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces

-----------

Wireless communication infrastructure is a cornerstone of modern digital society, yet it remains vulnerable to the persistent threat of wireless jamming. Attackers can easily create radio interference to overshadow legitimate signals, leading to denial of service. The broadcast nature of radio signal propagation makes such attacks possible in the first place, but at the same time poses a challenge for the attacker: The jamming signal does not only reach the victim device but also other neighboring devices, preventing precise attack targeting. In this work, we solve this challenge by leveraging the emerging RIS technology, for the first time, for precise delivery of jamming signals. In particular, we propose a novel approach that allows for environment-adaptive spatial control of wireless jamming signals, granting a new degree of freedom to perform jamming attacks. We explore this novel method with extensive experimentation and demonstrate that our approach can disable the wireless communication of one or multiple victim devices while leaving neighboring devices unaffected. Notably, our method extends to challenging scenarios where wireless devices are very close to each other: We demonstrate complete denial-of-service of a Wi-Fi device while a second device located at a distance as close as 5 mm remains unaffected, sustaining wireless communication at a data rate of 25 Mbit/s. Lastly, we conclude by proposing potential countermeasures to thwart RIS-based spatial domain wireless jamming attacks.

-----------

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

-----------

Our thanks to the **[Network and Distributed System Security (NDSS) Symposium][1]** for publishing their Creators, Authors and Presenter’s superb **[NDSS Symposium 2025 Conference][2]** content on the **[organization’s’][1]** **[YouTube][3]** channel.

Permalink

The post NDSS 2025 – Spatial-Domain Wireless Jamming With Reconfigurable Intelligent Surfaces appeared first on Security Boulevard.

Google is suing the Smishing Triad group behind the Lighthouse phishing-as-a-service kit that has been used over the past two years to scam more than 1 million people around the world with fraudulent package delivery or EZ-Pass toll fee messages and stealing millions of credit card numbers. Google also is backing bills in Congress to address the threat.

The post Google Uses Courts, Congress to Counter Massive Smishing Campaign appeared first on Security Boulevard.

AI vendor Anthropic says a China-backed threat group used the agentic capabilities in its Claude AI model to automate as much as 90% of the operations in a info-stealing campaign that presages how hackers will used increasingly sophisticated AI capabilities in future cyberattacks.

The post Anthropic Claude AI Used by Chinese-Back Hackers in Spy Campaign appeared first on Security Boulevard.

Updated November 2025

This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. The imminent deprecation of Google SafetyNet Attestation API means this is a good time for a comprehensive evaluation of solutions in this space.

The post The Limitations of Google Play Integrity API (ex SafetyNet) appeared first on Security Boulevard.

AI agents are increasingly being used to search the web, making traditional bot mitigation systems inadequate and opening the door for malicious actors to develop and deploy bots that impersonate legitimate agents from AI vendors to launch account takeover and financial fraud attacks.

The post Radware: Bad Actors Spoofing AI Agents to Bypass Malicious Bot Defenses appeared first on Security Boulevard.

FCC Chair Brendan Carr said the agency will look to eliminate a declaratory ruling made by his predecessor that aimed to give the government more power to force carriers to strengthen the security of their networks in the wake of the widespread hacks by China nation-state threat group Salt Typhoon last year.

The post FCC Chair Carr Looks to Eliminate Telecom Cybersecurity Ruling appeared first on Security Boulevard.

So long and thanks for all the fish: Peter Williams admits to selling unpatched iPhone bugs to a shady Russian broker.

The post US Defense Contractor Boss Sold Zero Days to Russia — Cops a Plea appeared first on Security Boulevard.

Obsidian Security says it is creating a working group of security leaders to pressure SaaS vendors to adopt standards like the SSCF to make their online applications safer as the cyber threats against them escalate and the use of AI agents in SaaS tools continues to expand.

The post Obsidian: SaaS Vendors Must Adopt Security Standards as Threats Grow appeared first on Security Boulevard.

How trending are mobile apps? Statistics say that mobile apps are now a part of 70% of the digital interactions across the globe. The number of smartphone users now stands at over 6.8 billion. Based on the most recent available data from 2023, 40% of data breaches were linked to mobile app vulnerabilities, and, given […]

The post OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk? appeared first on Kratikal Blogs.

The post OWASP Mobile Top 10 for Android – How AutoSecT Detects Each Risk? appeared first on Security Boulevard.

Is your phone suddenly flooded with aggressive ads, slowing down performance or leading to unusual app behavior? Here’s what to do.

Your iPhone isn't necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.