zero-click Archives

AppWizard

December 16, 2025

Search Labs initiates a Google app test that lets users ‘tailor’ their feed on Android

Search Labs has introduced a feature called "Tailor your feed" within the Google app for Android, currently in testing phases across the U.S. This tool allows users to customize the content they see and avoid, leveraging user prompts for a more personalized experience. The feature builds on Google's earlier Discover feed experiment and is powered by advanced AI technology. Additionally, Google previously tested the "Daily Listen" feature, which created audio summaries of content based on users' Discover feeds and search behaviors, aiming for a streamlined online experience.

AppWizard

November 26, 2025

Hackers Bypass Signal, Telegram And WhatsApp Encryption To Read Messages

CISA has issued a warning about spyware targeting users of instant messaging applications, particularly highlighting the Sturnus trojan, which poses significant risks to Android smartphone users. Sturnus, identified as a banking trojan, can bypass encrypted messaging by capturing messages after they are decrypted on the smartphone screen, rather than cracking the encryption itself. Security expert Aditya Sood noted that Sturnus uses a combination of plaintext, RSA, and AES-encrypted communication, complicating detection efforts. The trojan can read everything displayed on the smartphone screen in real time, including sensitive messages and contacts. CISA also identified tactics used by cyber threat actors, such as phishing, zero-click exploits, and impersonation to gain unauthorized access to messaging apps. Users are advised to keep Google’s Play Protect activated, avoid unauthorized app stores, and be cautious with accessibility permissions to protect against these threats.

AppWizard

November 25, 2025

CISA alert draws attention to spyware’s targeting of messaging apps

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about the increasing threat of spyware targeting messaging applications, particularly on Android devices like Samsung. Cybercriminals are using social engineering techniques, including sending harmless-looking image files via WhatsApp, to install malicious software. Russian hackers have been reported to compromise Signal accounts. The alert highlights a focus on high-value individuals, including government officials and civil society members in the U.S., Middle East, and Europe. CISA has a history of issuing such alerts and provides cybersecurity guidance, including a "must-patch" list for federal agencies. Users are advised to be vigilant and follow mobile security guidelines, as threat groups are also using malicious QR codes and zero-click exploits to compromise devices.

Winsage

August 11, 2025

Win-DoS’ Zero-Click Exploit Could Weaponize Windows Infrastructure for DDoS Attacks

Security researchers have identified a "zero-click" denial-of-service (DoS) exploit that can covertly turn Microsoft Windows Domain Controllers (DCs) into a global botnet. DDoS attacks increased by 56% year-over-year in late 2024, with Cloudflare blocking an attack that peaked at 7.3 Tbps in 2025. The average minute of downtime from these attacks costs businesses approximately ,000, with incidents for small and midsize firms exceeding 0,000. The exploit, known as Win-DDoS, leverages the Lightweight Directory Access Protocol (LDAP) client in Windows, allowing DCs to automatically target victim servers through LDAP referrals without user interaction. This results in thousands of DCs inadvertently overwhelming a target with TCP traffic. Four vulnerabilities (CVEs) related to this exploit were disclosed to Microsoft in March 2025 and addressed in subsequent patch releases in June and July 2025. These vulnerabilities include: - CVE-2025-32724: LSASS (LDAP client) - None needed, causes memory exhaustion/DC crash, patched June 2025. - CVE-2025-26673: NetLogon (RPC) - None needed, causes TorpeDoS memory crash, patched May 2025. - CVE-2025-49716: NetLogon (RPC) - None needed, causes Stateless RPC DoS, patched July 2025. - CVE-2025-49722: Print Spooler (RPC) - Authenticated user needed, causes any Windows endpoint crash, patched July 2025. The vulnerabilities indicate significant architectural flaws in the LDAP client’s referral logic and RPC interfaces. SafeBreach advises administrators to apply patches promptly and limit DC exposure to the Internet. The emergence of Win-DDoS marks a shift in attack strategies, utilizing legitimate servers for amplification without leaving malware traces, complicating detection and response efforts. Enterprises are urged to enhance their threat models and implement DoS hardening measures.