A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator.
The bug, which was discovered by security researcher Eric Daigle, spilled the spyware app’s full database of email addresses and plaintext passwords that Catwatchful customers use to access the data stolen from the phones of their victims. Catwatchful is spyware masquerading as a child monitoring app that claims to be “invisible and cannot be detected,” all the while uploading the victim’s phone’s private contents to a dashboard viewable by the person who planted the app. The stolen data includes the victims’ photos, messages, and real-time location data.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest news and insights delivered right to your inbox
Related:
- SonicWall blames state hackers for damaging data breach
November 6, 2025
SonicWall has blamed “state-sponsored threat actors” for the cloud backup security breach which hit its services in September 2025. In an update posted on the company’s website, SonicWall said it completed the investigation into the incident, and confirmed that the malicious activity was “carried out by a state-sponsored threat actor” and was “isolated to the unauthorized ...
- Malware-pwned laptop gifts cybercriminals Nikkei’s Slack
November 6, 2025
Japanese media behemoth Nikkei has admitted to a data breach after miscreants slipped into its internal Slack workspace, exposing the personal details of more than 17,000 employees and business partners.… The company blamed the intrusion on malware that infected an employee’s device, letting attackers pinch Slack credentials and waltz into its chat system. Once the suspicious ...
- Washington Post says it is among victims of cyber breach tied to Oracle software
November 6, 2025
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software. In a statement released on Thursday, the newspaper said it was one of those impacted “by the breach of the Oracle E-Business Suite platform.” The paper did not provide further detail, but its statement comes after CL0P, the notorious ...
- UK: Hundreds of residents’ details shared in data breach
November 4, 2025
A council chief has apologised after hundreds of residents’ sensitive data was mistakenly shared online. Some names, addresses, phone numbers and email addresses of 625 people who responded to South Gloucestershire Council’s consultation on 24 October were published online for three days. Once the error was spotted, council officers took “very prompt action” to remove the ...
- University of Pennsylvania says it has called FBI over data breach
November 3, 2025
The University of Pennsylvania says it has called in the Federal Bureau of Investigation after offensive emails were distributed to alumni. In a statement, the university said that a data breach had affected “select information systems.” An email sent to University of Pennsylvania alumni on Friday and reviewed by Reuters showed that someone masquerading as the ...
- UK: Woman charged after around 100 patient records accessed in data breach
October 31, 2025
A woman has been charged after around 100 patients had their medical records accessed in a data breach at NHS Lothian. The health board has written letters to patients affected by the breach, which they say was caused by one individual at Edinburgh Royal Infirmary. A letter dated last month, seen by STV News, says the ...