Find notable cyber news and cases, enriched with sources, timelines, and signals.

Landfall spyware targeting Samsung Galaxy phones

Malware Activity
First reported
Last updated
Happening score
H score 16
2 unique sources, 2 articles

Summary

Hide ▲

Landfall is an Android spyware operation that used CVE-2025-21042 in a Samsung image processing library to compromise Samsung Galaxy phones and enable surveillance plus data theft. The activity matters because the spyware could record microphone audio, track location, and steal photos, contacts, and call logs from infected devices. Evidence indicates the attacks were active since at least July 2024 and likely used a zero-click delivery path through WhatsApp. A later CISA alert also tied LANDFALL to a targeted campaign that exploited Samsung CVE-2025-21042 to deliver Android spyware to Galaxy devices in the Middle East.

Related Happenings

AirDrop and Quick Share fixes from Apple and Google

Security Patch Release
H score27 First: 30.06.2026 12:27 Last: 30.06.2026 12:27 Sources 1

About this happening: **Apple** and **Google** have started shipping fixes for the disclosed **AirDrop** and **Quick Share** flaws, reducing exposure for nearby attacks against widely used sharing feat...

AirDrop and Quick Share nearby crash and session-bypass flaws security flaw

Vulnerability
H score1 First: 30.06.2026 12:27 Last: 30.06.2026 12:27 Sources 1

About this happening: Nearby attackers can crash **AirDrop** and bypass **Quick Share** session checks, exposing **Apple**, **Samsung**, and **Google Windows** file-sharing stacks to local disruption a...

WhatsApp contempt motion against NSO Group

Regulatory/Legal Action
H score33 First: 09.06.2026 11:15 Last: 09.06.2026 11:15 Sources 1

About this happening: WhatsApp moved the **US court** to hold **NSO Group** in contempt over a **permanent injunction** tied to spyware targeting of users. The company says NSO violated the order by us...

NSO Group WhatsApp spear-phishing campaign

Campaign
H score37 First: 08.06.2026 20:08 Last: 08.06.2026 20:08 Sources 1

About this happening: **NSO Group** remains tied to a **WhatsApp** spear-phishing **campaign** that used **malicious links** to push targets to external websites outside the app. On **June 8**, WhatsAp...

AI-driven attack surge against customer-facing mobile apps in 2026

Trend
H score43 First: 19.05.2026 15:00 Last: 19.05.2026 15:00 Sources 1

About this happening: **Customer-facing mobile apps** faced a sharp rise in attacks in **2026**, with **87%** of monitored apps hit versus **55% in 2022**. The trend matters because **agentic AI** is l...

Timeline

  1. 07.11.2025 17:29 3 articles · 8mo ago

    Landfall spyware targeting Samsung Galaxy phones

    Initial Disclosure

    The first observed phase was the **zero-day delivery** of **Landfall** to **Samsung Galaxy** users through a **specially crafted DNG image** sent over **WhatsApp**. That initial compromise path enabled code execution through **CVE-2025-21042** and set up device surveillance.

    Show sources