-
A new 0-click exploit chain targeting Google Pixel devices has revealed how attackers are essentially hijacking everyday device functions to assume total control without requiring any explicit action from users.
-
From Chinese servers hosting thousands of command centers to ads for common tools secretly installing remote access trojans, threats are achieving massive scale by hiding in plain sight within trusted services.
-
A clear pattern emerges where security fails not from exotic new hacks, but from the quiet exploitation of designed functions—be it automatic support ticket emails, EU proposes new rules for improved tech supply chain security, or trusted apps loading malicious code.
The current cybersecurity environment feels less like a series of forced break-ins and more like a slow, but steady, bending of rules. Criminals aren’t kicking down the front door to companies, but are instead meeting them already wide open due to poor designs.
The real story is the sheer lack of friction they now need. From a vast network of command servers in China to malicious ads for PDF converters, the threats are leveraging the systems we use every day against us.
Google Discovers New Zero-Click Exploit, Zendesk Warns About Support Ticket Spam Campaigns
Google’s own researchers just released a detailed 0-click exploit for the Pixel 9, clearly showing what’s going on today. The attacker doesn’t have to trick you or get you to tap anything. Instead, they slip in through the way your phone deals with audio messages in Google Messages, without you needing to click any link.
A skilled hacker can exploit a weakness in the Dolby decoder and a kernel bug to take over your device — all in the background, without you even noticing. This move from tricking people to tricking trusted processes is everywhere.
There’s also a widespread abuse of Zendesk support systems — cybercriminals can submit fake tickets, and the platform’s automatic confirmation emails turn it into a spam relay without knowing any better.
Similarly, a new stealer campaign is using a DLL sideloading technique to trick a trusted executable file into loading malware alongside it. This pattern of abusing trusted platforms is also escalating on messaging apps, as seen in a recent surge of Trojan attacks targeting Brazilian cryptocurrency users through WhatsApp. The systems behave exactly as programmed, just for the wrong hands.
China Host Over 18k C&C Servers, Malicious Ads Trick Site Users Into Downloading Infostealers
The emphasis for many threat actors is no longer on loud, disruptive attacks but on quiet, patient control gained through scale. A new analysis reveals the Chinese internet space is hosting over 18,000 active command-and-control (or C&C) servers, nearly half on China Unicom alone. These servers control everything from the massive Mozi IoT botnet to tools like Cobalt Strike, supporting a vast underground economy.
This patient accumulation of access is evident elsewhere. , and in critical supply chain software itself, as seen in the Cl0p ransomware gang’s breach of security giant Entrust via an Oracle zero-day. A malicious advertising campaign for a trojanized ‘AppSuite PDF Editor’ that installs an infostealer called TamperedChef has been discovered. This info stealer stays dormant for about 56 days before activating—neatly aligning with the lifecycle of paid ad campaigns to avoid detection.
Another campaign uses PNG image files hosted on the public Internet Archive, hiding stolen data after the image’s official end marker. The file looks normal, but contains a hidden payload. Once downloaded, the file will render the same way any valid image would in a viewer, but the actual malware is found between ‘BseStart’ and ‘BasEnd,’ which are custom markers.
Put together, these incidents show the ‘background layer’ of our technology: automatic processes, trusted services, and routine workflows have become the front line.
UK Govt. Warns Against Malicious Activity by Russia-linked Hackers
The UK government warns of ongoing disruptive DoS attacks from hacktivists. The groups are targeting local government agencies and the nation’s core infrastructure with DoS attacks. According to the National Cyber Security Center, these hacktivists aim to take down websites and deny access to essential services.
The European Commission is introducing a new cybersecurity bill that would require removing high-risk suppliers to enhance information & communication technology (ICT) supply chain security. All EU member states will collaborate under this legislation to identify and eliminate breaches in the supply chain across all critical sectors in Europe.
Massive scans constantly probe for vulnerable WordPress plugins, while fake loan scams in Peru have spawned 370 domains to harvest banking data of unsuspecting users. They spread the campaign via social media ads.
The takeaway isn’t about any single flaw. It’s about the pattern of exposure that accumulates quietly in the systems we stop watching once they feel stable, only to surface all at once.
One researcher noted that once attackers gain access to a critical supply chain software by identifying a vulnerability, they would be able to view or cancel shipments of customers dating back to 2007. The past isn’t just a prologue; rather, it’s a persistent target that companies leave unprotected most of the time.
