bug-bounty481
google307
xss278
microsoft260
facebook216
rce162
apple155
exploit141
bragging-post102
malware99
account-takeover98
csrf84
cve82
privilege-escalation75
stored-xss65
authentication-bypass65
writeup61
browser58
reflected-xss57
react54
phishing53
cloudflare52
ssrf51
dos51
input-validation49
access-control49
cross-site-scripting48
node48
aws46
docker46
smart-contract45
sql-injection45
ethereum44
defi43
supply-chain43
web-security43
web-application42
oauth41
web339
reverse-engineering37
burp-suite36
lfi35
idor35
vulnerability-disclosure34
html-injection33
race-condition32
smart-contract-vulnerability32
clickjacking31
information-disclosure30
csp-bypass30
0
4/10
Russian state-sponsored hackers are conducting a global phishing campaign targeting Signal and WhatsApp accounts of government officials, military personnel, and journalists by impersonating support chatbots to steal verification codes and abuse linked device features. The campaign exploits legitimate security functions rather than technical vulnerabilities, allowing attackers to access encrypted messages and group chats after compromising individual accounts.
social-engineering
account-takeover
phishing
signal
whatsapp
linked-devices
verification-codes
credential-theft
russian-apo
government-targeting
threat-intel
AIVD
MIVD
Signal
WhatsApp
Russia
Peter Reesink
Simone Smit