A sophisticated cross-platform attack bridges Windows PCs and Android devices, using Google's own service as a destructive tool.

Continue reading

A security researcher demonstrated how three patched OpenClaw vulnerabilities can be chained from a WhatsApp message to achieve credential theft, sandbox escape, and host-level code execution, exposing architectural risks in AI agents.
Security researchers have uncovered a disturbing campaign by the North Korean threat actor APT37. The group is systematically stealing Google credentials from infected Windows computers to locate then remotely and factory reset victims' Android phones using Google's Find My Device service.
This is not an exploit of a software vulnerability. It is a calculated abuse of a legitimate cloud service, hinging entirely on the theft of user credentials. The attack demonstrates a sophisticated understanding of operational security, as the remote wipe is often timed for when the victim is physically separated from their device, delaying discovery and response.
The attack unfolds with precision across different platforms:
This campaign is notable for its hybrid nature. It doesn’t rely on mobile malware but instead uses a PC infection as a pivot point to attack mobile assets through the cloud. By compromising the central Google account, the attackers gain a powerful, legitimate tool for destruction.
The secondary propagation method—using the victim’s active KakaoTalk session on the infected PC to send malware to their contacts—adds a layer of social engineering that makes the campaign highly effective and self-spreading.
Since the core vulnerability is stolen credentials, the defense is straightforward but critical:
This incident serves as a stark reminder that mobile security is inextricably linked to PC and cloud account security. A breach on one platform can have immediate and devastating consequences on another.

Millions of driver's license records were exposed in a massive data breach, raising identity theft risks and highlighting critical data security failures.