Cybersecurity

7940 readers

38 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

TapTrap: new attack on Android that lures you into performing actions you did not intend to do. This allows an app to access your camera or location, or erase your device—all without your consent. (taptrap.click)

submitted 1 week ago by floofloof@lemmy.ca to c/cybersecurity@sh.itjust.works

4 comments fedilink hide all child comments

cross-posted from: https://programming.dev/post/34366844

Lobsters.

Hackernews.

top 4 comments

sorted by: hot top controversial new old

[–] alextecplayz@techhub.social 14 points 1 week ago (1 children)

@floofloof "TapTrap works even on the latest Android version, Android 16. We reported this issue to Google and major browser vendors in 2024. Browsers have fixed the issue as of July 2025, but Android itself remains vulnerable (see the disclosure timeline for details)."

JFC, Google

[–] floofloof@lemmy.ca 13 points 1 week ago* (last edited 1 week ago) (2 children)

It then mentions that the underlying issue was independently reported to Google by another researcher in early 2023. So they have had more than two years.

[–] tiredofsametab@fedia.io 5 points 1 week ago

For some single-person or even small group project, I can understand not having time to deal with something. At the point that it is a large, commercial entity and running a lot of the world's devices, there should be legal implications for such negligence.

[–] Maiq@lemy.lol 1 points 1 week ago

With that kind of timeline, maybe its a feature and not a bug. Just not a feature users want or need.