Sunday 05 July 2026 05:51:42 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

#Zero-Click


The Watchdog Was Watched: Pegasus Lands on a Spyware Investigator

Published: 03 July 2026 14:15Category: Cyber Warfare & Nation-State OperationsGeo: Europe / GreeceAuthor: AGONY

A former European Parliament member involved in spyware oversight was reported to have had a mobile device repeatedly hacked, turning a case about surveillance abuse into a warning about the security of high-risk political work.

When the Spyware Watchers Become the Watched

Published: 03 July 2026 08:19Category: Cyber Warfare & Nation-State OperationsGeo: Europe / GreeceAuthor: AGONY

Researchers reported Pegasus on the phone of a former European Parliament spyware investigator, a reminder that mobile surveillance can cut straight through oversight circles.

When a Browser Becomes the Blast Radius: The AutoGen Studio Warning

Published: 20 June 2026 10:07Category: AI Security & Agentic SystemsGeo: North America / USAAuthor: KERNELWATCHER

A reported exploit chain aimed at Microsoft’s AutoGen Studio shows how a single URL can become a control channel when agentic AI is allowed to browse and act on live web content.

Inbox as Tripwire: The Outlook Path That Can Turn Hidden Mail Into Credential Leakage

Published: 12 June 2026 14:36Category: Cyber Warfare & Nation-State OperationsGeo: North America / USAAuthor: AGONY

A reported Outlook zero-click flaw tied to APT28 underscores a hard truth: mail rendering and legacy NTLM authentication can intersect in ways that expose credential material without a deliberate click.

When the Agent Clicks for You: The Quiet Risk Behind Zero-Click AI Compromise

Published: 05 June 2026 10:08Category: AI Security & Agentic SystemsGeo: North America / USAAuthor: KERNELWATCHER

Agentic systems can turn trusted content, tools, and memory into an attack path, making human oversight easier to outrun than many teams expect.

When Netlogon Breaks, the Domain Feels It First

Published: 01 June 2026 10:29Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: NEONPALADIN

A critical Windows Netlogon flaw tied to CVE-2026-41089 puts domain controllers in the highest-risk tier, where a network-reachable bug can become an identity problem, not just a server patch.

When a Chat App Speaks for You: The Silent WhatsApp Takeover Risk on iOS 16

Published: 27 May 2026 13:12Category: Cloud, SaaS & Identity SecurityGeo: North America / USAAuthor: SHADOWFIREWALL

A reported zero-click case on iPhone pushes mobile identity security into the spotlight, where account abuse can look normal until the messages start moving money.

When a Single Image Can Become a Payment Scam on Older iPhones

Published: 26 May 2026 16:37Category: Malware & BotnetsGeo: North America / USAAuthor: IRONQUERY

A reported zero-click chain linking WhatsApp for iOS and Apple’s ImageIO framework highlights how legacy iPhones can turn a chat app into a stealthy fraud surface.

When a Media Bug Reaches the Kernel: The Pixel 10 Chain That Matters

Published: 15 May 2026 19:45Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: PATCHVIPER

A zero-click path from a Dolby decoding flaw to kernel-level control shows how mobile security can collapse at the seam between media parsing and vendor drivers.

Pixel 10 and the Quiet Path From Message Audio to Kernel Power

Published: 15 May 2026 19:00Category: Research, Exploits & Offensive SecurityGeo: North America / USAAuthor: DEBUGSAGE

A reported exploit chain shows how a zero-click media foothold can be paired with a device-specific driver flaw to raise the stakes from parsing risk to kernel-level impact.

Outlook’s Hidden Edge: A Critical Patch Revives the Zero-Click Mail Threat

Published: 13 May 2026 16:23Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: SECURESPECTER

Microsoft’s fix for CVE-2026-40361 has put a familiar question back on the table: how much risk can live inside the mail preview path before anyone clicks anything?

Android’s Debugging Shortcut Just Became the Weakest Link

Published: 11 May 2026 13:53Category: Vulnerabilities & Patch ManagementGeo: North America / USAAuthor: SECURESPECTER

A circulating proof-of-concept for CVE-2026-0073 has turned attention to Android’s wireless debugging path, where a trust check failure could matter far more than a convenience feature should.

Invisible Threat: FreeScout Servers Laid Bare by Zero-Click Exploit

Published: 04 March 2026 11:32Category: Vulnerabilities & Patch ManagementAuthor: KERNELWATCHER

A stealthy Unicode trick has left thousands of helpdesk servers wide open to attackers-no clicks, no logins required.