Vulnerabilities
Google Publishes Patch for Android Lock Screen Bug That Reportedly Let Gemini Send SMS Without a PIN
A mobile lock-screen bypass involving Gemini — defender verification across managed Android fleets this week.
Expert analysis on securing the mobile perimeter. Coverage of MDM strategies, app-based threats, and hardening iOS and Android for the enterprise.
Vulnerabilities
A mobile lock-screen bypass involving Gemini — defender verification across managed Android fleets this week.
Mobile Security
An Apple advisory on FaceTime-based social engineering — defender-team end-user awareness this week.
Nation-State Cyber Threats
A nation-state mobile-network-vulnerability disclosure with defense-sector implications — coverage this week.
Data Privacy
A pointed export-control-policy disclosure — the spyware-inquiry rapporteur becomes the target.
Mobile Security
Two researchers mapped the proximity-sharing protocols behind AirDrop and Quick Share and found six flaws spanning five billion Apple and Android devices, with vendor fixes only partly shipped.
Mobile Security
A scale-significant AI-app privacy disclosure with developer accountability implications: Wake Forest researchers found 282 of 444 iOS AI apps exposing usable LLM credentials in their own network traffic, and most stayed open months after notification.
Vulnerabilities
Apple shipped an early, large patch cycle across iOS, macOS, and Safari — including four WebKit bugs surfaced by AI tools from OpenAI and Anthropic. For defenders, this is a device-verification week.
Mobile Security
Cellebrite's stated sales-restriction practice gets fresh scrutiny via human-rights documentation, after researchers tied its forensic tooling to a jailed Russian activist's iPhone months after the company said it had pulled out.
Vulnerabilities
A macOS endpoint-protection bypass with defender posture-review implications. XM Cyber researchers showed that a standard, non-admin user can silently unload EDR and MDM agents on macOS, abusing legitimate XPC behavior rather than a single patchable bug.
Threat Intelligence
Meta's contempt filing tests whether court-ordered restrictions are effectively binding on a commercial spyware vendor.
Artificial Intelligence (AI)
SafeBreach researchers found that a single poisoned notification — from WhatsApp, Slack or SMS — could hijack Google Gemini's voice assistant on Android with no malicious app installed, reaching smart-home controls and poisoning the assistant's long-term memory. Google has patched it.
Vulnerabilities
Google's June 2026 Android update fixes CVE-2025-48595, an Android Framework integer overflow that Google says may be under limited, targeted exploitation. Because the Framework is the API layer every app touches, the flaw can hand an attacker complete control of an unpatched device.