Spyware masquerading as modified versions of Telegram have been spotted in the Google Play Store that's designed to harvest sensitive information from compromised Android devices.

According to Kaspersky security researcher Igor Golovin, the apps come with nefarious features to capture and exfiltrate names, user IDs, contacts, phone numbers, and chat messages to an actor-controlled server.

The activity has been codenamed Evil Telegram by the Russian cybersecurity company.

A threat actor called Redfly has been linked to a compromise of a national grid located in an unnamed Asian country for as long as six months earlier this year using a known malware referred to as ShadowPad.

"The attackers managed to steal credentials and compromise multiple computers on the organization's network," the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News. "The attack is the latest in a series of espionage intrusions against [critical national infrastructure] targets."

ShadowPad, also known as PoisonPlug, is a follow-up to the PlugX remote access trojan and is a modular implant capable of loading additional plugins dynamically from a remote server as required to harvest sensitive data from breached networks.

Apple released security updates for older iPhones to fix a zero-day vulnerability tracked as CVE-2023-41064 that was actively exploited to infect iOS devices with NSO's Pegasus spyware.

CVE-2023-31064 is a remote code execution flaw that is exploited by sending maliciously crafted images via iMessage.

As reported by Citizen Lab earlier this month, CVE-2023-31064 and a second flaw tracked as CVE-2023-41061 were used as a zero-click attack chain dubbed BLASTPASS, which involves sending specially crafted images in iMessage PassKit attachments to install spyware.

When the phones received and processed the attachment, it installed NSO's Pegasus spyware, even on fully patched iOS (16.6) devices.

Apple released fixes for the two flaws with macOS Ventura 13.5.2, iOS 16.6.1, iPadOS 16.6.1, and watchOS 9.6.2, and CISA published an alert requiring federal agencies to patch by October 2, 2023.

The security updates have now been backported to iOS 15.7.9 and iPadOS 15.7.9, macOS Monterey 12.6.9, and macOS Big Sur 11.7.10 to prevent the use of this attack chain on those devices.

Adobe has released security updates to patch a zero-day vulnerability in Acrobat and Reader tagged as exploited in attacks.

Even though additional information on the attacks is yet to be disclosed, the zero-day is known to affect both Windows and macOS systems.

"Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company said in a security advisory published today.

The critical security flaw is tracked as CVE-2023-26369 and can let attackers gain code execution after successfully exploiting an out-of-bounds write weakness.

While threat actors can exploit it in low-complexity attacks without requiring privileges, the flaw can only be exploited by local attackers, and it also requires user interaction, according to its CVSS v3.1 score. 

CVE-2023-26369 was classified by Addobe with a maximum priority rating, with the company strongly advising administrators to install the update as soon as possible...

Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.

"Google is aware that an exploit for CVE-2023-4863 exists in the wild," the company revealed in a security advisory published on Monday.

The new version is currently rolling out to users in the Stable and Extended stable channels, and it's estimated that it will reach the entire user base over the coming days or weeks.

Chrome users are advised to upgrade their web browser to version 116.0.5845.187 (Mac and Linux) and 116.0.5845.187/.188 (Windows) as soon as possible, as it patches the CVE-2023-4863 vulnerability on Windows, Mac, and Linux systems.

 A prominent gun safe manufacturing company now faces massive backlash because it provided the Federal Bureau of Investigation (FBI) with the password to a customer's safe at the law enforcement agency's request.

 X's Elon Musk tweeted an article this week from Newsweek stating that the Anti-Defamation League (ADL) has "lost its way." And this prompted ADL head Jonathan Greenblatt to lash out in defense.

 The United States should take extra caution to avoid complicity in what is possibly an ongoing "genocide intent" against 120,000 Armenians living in Nagorno-Karabakh, experts warned the Tom Lantos Human Rights Commission, a bipartisan congressional human rights group.

 The local government body of Birmingham, the U.K.'s second-largest city, effectively declared bankruptcy on Sept. 5 because it no longer has enough money to pay the £760 million ($954 million) equal pay claims it owes to female government employees who were paid less than men in the past.

 A group of 22 left-wing organizations has announced the creation of a coalition that will funnel over $500 million in funding to local media publications over the course of five years.

 The University of Arizona (UA) is now facing scrutiny for instructing future pediatric nurses to ask children as young as three years old about their gender identity.

 An Indiana man was sentenced on Wednesday to 85 years in prison for the 2020 murder of his mother’s boyfriend.

 A California school district spent $171,000 for “equity trainings” from a Left-wing consulting firm that uses Critical Race Theory, public records obtained by The Daily Wire reveal.

 Danny Masterson’s wife, actress Bijou Phillips, wrote a lengthy character statement in support of her husband after he was convicted of rape.

 Homeland Security Secretary Alejandro Mayorkas complained on Monday of a “broken immigration system” when asked to respond to a warning from New York City Mayor Eric Adams about the migrant crisis.

 HuffPost White House correspondent S. V. Date used the 22nd anniversary of the September 11th terrorist attacks to claim that former President Donald Trump was worse than “Osama bin Biden.”

 Hundreds of gun owners took to the streets of Albuquerque over the weekend to openly carry their firearms in defiance of the state’s Democrat governor, Michelle Lujan Grisham, who unilaterally decided to suspend laws allowing open and concealed carry in the area.

The Central Intelligence Agency offered to pay off analysts in order to bury their findings that COVID-19 most likely leaked from a lab in Wuhan, China, new whistleblower testimony to Congress alleges.

A senior-level CIA officer told House committee leaders that his agency tried to pay off six analysts who found SARS-CoV-2 likely originated in a Wuhan lab if they changed their position and said the virus jumped from animals to humans, according to a letter sent Tuesday to CIA Director William Burns.

Select Subcommittee on the Coronavirus Pandemic Chairman Brad Wenstrup (R-Ohio) and Permanent Select Committee on Intelligence Chairman Mike Turner (R-Ohio) requested all documents, communications and pay info from the CIA’s COVID Discovery Team by Sept. 26.

“According to the whistleblower, at the end of its review, six of the seven members of the Team believed the intelligence and science were sufficient to make a low confidence assessment that COVID-19 originated from a laboratory in Wuhan, China,” the House panel chairmen wrote.

The Biden administration is close to approving the shipment, according to the officials, after seeing the success of cluster munitions delivered in 155 mm artillery rounds in recent months.

 Nike announced the permanent closure of its factory store in northeast Portland, Oregon, on Friday due to ongoing “theft and safety issues” after nearly 40 years of business on the city’s northeast side, according to a non-profit that supports economic and business development in the neighborhood.

 A fight broke out in the parking lot of a high school in Utica, New York, on Saturday, and when a Utica City School District security officer tried to intervene, he was shot in the back of the head.

 Mourners were joined by current and former politicians Monday for a somber ceremony marking the 22nd anniversary of the September 11, 2001, terror attacks. 

 New York City Mayor Eric Adams on Saturday announced budget cuts to the tune of billions of dollars due to rising costs associated with the tens of thousands of migrants flooding into the city.

 The White House appeared to blow off criticisms after President Joe Biden became the first sitting U.S. President to not make an appearance at any of the official memorial sites on September 11: Ground Zero in New York City, the Pentagon Memorial in Arlington, Virginia, and Shanksville, Pennsylvania — the place where passengers brought down hijacked United Flight 93.

 Georgia Governor Brian Kemp took aim at former President Donald Trump over the weekend for recent remarks that he made about “COVID tyrant[s],” noting that the former president opposed him back in April 2020 for reopening his state early.

 California lawmakers passed a bill last week that prevents public school boards from banning gender and race-related books and educational material, and Governor Gavin Newsom is expected to sign it into law within the next month.

 San Francisco has hired a new tourism chief who says will change the “ongoing narrative” about San Francisco as the city struggles to combat the stubborn issues of homelessness, drug use, and crime.

 Virginia Democrats and Loudoun County’s George Soros-backed prosecutor are lashing out at Gov. Glenn Youngkin (R-VA) over his Sunday pardon of Scott Smith, whose daughter was raped in school and who the prosecutor, Buta Biberaj, personally sought to put in jail.