Yazılar

EU Plan to Phase Out High-Risk Tech Draws Fire From China’s Huawei

/in /tarafından

The European Union plans to phase out components and equipment from so-called high-risk technology suppliers in critical sectors, under proposed revisions to the EU Cybersecurity Act that have drawn sharp criticism from Huawei.

The draft proposal, released by the European Commission, aims to strengthen protections against rising cyber and ransomware attacks, foreign interference and espionage risks, while reducing Europe’s dependence on non-EU technology providers. Although the Commission did not name specific companies or countries, Huawei is widely expected to be among those affected.

EU technology chief Henna Virkkunen said the measures would improve security of critical ICT supply chains and bolster Europe’s technological sovereignty. The new rules would apply to 18 key sectors, including telecom networks, cloud services, semiconductors, energy systems, medical devices, drones and connected vehicles.

Under the proposal, mobile operators would have 36 months after publication of a high-risk supplier list to phase out key components. Additional timelines for fixed and satellite networks will be set later. Any restrictions would follow formal risk assessments and market impact studies.

Huawei said excluding suppliers based on country of origin rather than technical evidence violates EU legal principles and World Trade Organization obligations, echoing criticism from China’s foreign ministry. Industry group Connect Europe warned the measures could impose billions of euros in extra costs. The proposal must still be negotiated with EU governments and the European Parliament before becoming law.

Claim That Any Phone Can Be Tracked via Google Maps by Email Is False

/in /tarafından

A viral claim suggesting that anyone can locate a mobile phone simply by emailing Google and using a phone number is inaccurate and misleading, cybersecurity experts say.

Posts circulating online allege that sending an email through Gmail to a specific address can trigger Google Maps to reveal a device’s location, even without internet access. Google does not offer any such service, and there is no official mechanism that allows location tracking of a phone solely via an email request or partial phone number.

Legitimate phone-tracking tools require explicit user consent and account access, such as Google’s “Find My Device” for Android or Apple’s “Find My” for iPhone. These services work only when users are logged in and have location sharing enabled.

Security specialists warn that messages promoting email-based tracking may be linked to scams or data-harvesting attempts. Users who follow such instructions could expose personal information without gaining any real tracking capability.

Authorities and privacy advocates stress that tracking a phone without permission is illegal in many countries. Users are advised to rely only on official tools provided by device makers and to report misleading claims that promise effortless or universal phone tracking.

More Than 56,000 WhatsApp Accounts Exposed by Malicious npm Package

/in /tarafından

A malicious package hosted on Node Package Manager (npm) has compromised more than 56,000 downloads by posing as a legitimate WhatsApp Web API library, allowing attackers to secretly access messages, media files, contacts and session credentials.

The package, identified by cybersecurity firm Koi Security, was published under the name lotusbail and masqueraded as a fork of the popular WhatsApp Web automation library WhiskeySockets Baileys, commonly used by developers to build bots.

According to researchers, the malware intercepts all incoming and outgoing messages by hijacking the legitimate WebSocket connection used by WhatsApp Web. It silently copies authentication tokens and session keys, while normal app functionality continues, making the attack difficult to detect.

Stolen data is encrypted using a custom RSA implementation before being exfiltrated, helping the malware evade network monitoring tools. The package also includes functionality to secretly link an attacker’s device to a victim’s WhatsApp account, granting persistent access to conversations.

Security experts warn that uninstalling the npm package removes the malicious code but does not automatically unlink the attacker’s device. Users are advised to manually review and remove unknown linked devices in WhatsApp’s settings to fully secure their accounts.