ALL POSTS

Key Findings Apple is testing end-to-end encrypted Rich Communications Services (RCS) messaging in the iOS and iPadOS 26.4 developer beta. The feature is still in beta and not yet available to all devices or carriers. Encrypted conversations are labeled as such and cannot be read while in transit between devices. RCS encryption is currently only available for testing between Apple devices and not with other platforms like Android. The RCS encryption is based on the Messaging

Key Findings The FBI obtained BitLocker encryption keys from Microsoft to access encrypted data on laptops seized during a fraud investigation in Guam. Microsoft provides these recovery keys to law enforcement when presented with a valid legal order, as the keys are often backed up to users' Microsoft accounts by default. This practice raises privacy concerns, as it allows authorities to bypass the encryption meant to protect users' data, even if the device owner has not know

Key Findings Trend Micro's AI-driven threat hunting pipeline discovered a previously unknown and undetectable Linux backdoor called "GhostPenguin" GhostPenguin had zero detections on VirusTotal for over four months before being identified The sophisticated, multi-threaded backdoor is written in C++ and uses RC5-encrypted UDP for covert Command and Control (C2) communications Background GhostPenguin was first submitted to VirusTotal on July 7, 2025, but remained completely inv

Key Findings New Android banking trojan called Sturnus enables credential theft and full device takeover for financial fraud Key differentiator is ability to bypass encrypted messaging on apps like WhatsApp, Telegram, and Signal Captures content directly from device screen after decryption, allowing monitoring of private communications Stages overlay attacks to steal banking credentials and leverages accessibility services for extensive device control Blocks uninstallation at