Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
New Rokarolla Android Malware Steals PINs, SMS Codes, and Crypto Wallet Funds
Zimperium's zLabs has identified Rokarolla, a sophisticated Android banking trojan that targets 217 banking and cryptocurrency applications with 137 remote commands. The malware enables attackers to gain comprehensive control over infected devices, including stealing lock-screen PINs, intercepting SMS messages, manipulating clipboard content to redirect cryptocurrency payments, and disabling Googl
Android Spyware Asin Targets Arabic Users via Fake News, PDF and War Map Apps
ESET has identified a new Android spyware called Asin specifically targeting Arabic-speaking users through deceptive distribution methods. The malware campaigns, detected in early 2025, utilize fake websites impersonating utilities, war-related information sources, and government news platforms to distribute the spyware to unsuspecting victims.
WhatsApp, Slack Notifications Could Hijack Google Gemini on Android
Security researchers discovered a critical vulnerability in Google Gemini's Android voice assistant that could be exploited through malicious notifications from popular messaging apps like WhatsApp, Slack, SMS, Signal, Instagram, or Messenger. The flaw would allow attackers to hijack the assistant without requiring any malicious app installation, potentially enabling unauthorized access to connect
DarkSword Malware
DarkSword is a sophisticated, likely government-designed iOS malware exploiting six zero-day vulnerabilities across iOS versions 18.4-18.7, deployed by multiple commercial surveillance vendors and state-sponsored actors since November 2025. The exploit chain has been used in targeted campaigns across Saudi Arabia, Turkey, Malaysia, and Ukraine, deploying three distinct malware families post-compro
