A former European Parliament member involved in spyware oversight was reported to have had a mobile device repeatedly hacked, turning a case about surveillance abuse into a warning about the security of high-risk political work.
Researchers reported Pegasus on the phone of a former European Parliament spyware investigator, a reminder that mobile surveillance can cut straight through oversight circles.
A reported exploit chain aimed at Microsoft’s AutoGen Studio shows how a single URL can become a control channel when agentic AI is allowed to browse and act on live web content.
A reported Outlook zero-click flaw tied to APT28 underscores a hard truth: mail rendering and legacy NTLM authentication can intersect in ways that expose credential material without a deliberate click.
Agentic systems can turn trusted content, tools, and memory into an attack path, making human oversight easier to outrun than many teams expect.
A critical Windows Netlogon flaw tied to CVE-2026-41089 puts domain controllers in the highest-risk tier, where a network-reachable bug can become an identity problem, not just a server patch.
A reported zero-click case on iPhone pushes mobile identity security into the spotlight, where account abuse can look normal until the messages start moving money.
A reported zero-click chain linking WhatsApp for iOS and Apple’s ImageIO framework highlights how legacy iPhones can turn a chat app into a stealthy fraud surface.
A zero-click path from a Dolby decoding flaw to kernel-level control shows how mobile security can collapse at the seam between media parsing and vendor drivers.
A reported exploit chain shows how a zero-click media foothold can be paired with a device-specific driver flaw to raise the stakes from parsing risk to kernel-level impact.
Microsoft’s fix for CVE-2026-40361 has put a familiar question back on the table: how much risk can live inside the mail preview path before anyone clicks anything?
A circulating proof-of-concept for CVE-2026-0073 has turned attention to Android’s wireless debugging path, where a trust check failure could matter far more than a convenience feature should.
A stealthy Unicode trick has left thousands of helpdesk servers wide open to attackers: no clicks, no logins required.