#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News
AWS EKS Security Best Practices

SimJacker | Breaking Cybersecurity News | The Hacker News

Category — SimJacker
SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

SIM Cards in 29 Countries Vulnerable to Remote Simjacker Attacks

Oct 12, 2019
Until now, I'm sure you all might have heard of the SimJacker vulnerability disclosed exactly a month ago that affects a wide range of SIM cards and can remotely be exploited to hack into any mobile phone just by sending a specially crafted binary SMS. If you are unaware, the name "SimJacker" has been given to a class of vulnerabilities that resides due to a lack of authentication and proprietary security mechanisms implemented by dynamic SIM toolkits that come embedded in modern SIM cards. Out of many, two such widely used SIM toolkits — S@T Browser technology and Wireless Internet Browser (WIB) — have yet been found vulnerable to SimJacker attacks, details of which we have provided in our previous articles published last month. At that time, a few experts in the telecom industry confirmed The Hacker News that the SimJacker related weaknesses were internally known to many for years, and even researchers also revealed that an unnamed surveillance company has been ...
More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

More SIM Cards Vulnerable to Simjacker Attack Than Previously Disclosed

Sep 27, 2019
Remember the Simjacker vulnerability? Earlier this month, we reported about a critical unpatched weakness in a wide range of SIM cards, which an unnamed surveillance company has actively been exploiting in the wild to remotely compromise targeted mobile phones just by sending a specially crafted SMS to their phone numbers. If you can recall, the Simjacker vulnerability resides in a dynamic SIM toolkit, called the S@T Browser , which comes installed on a variety of SIM cards, including eSIM, provided by mobile operators in at least 30 countries. Now, it turns out that the S@T Browser is not the only dynamic SIM toolkit that contains the Simjacker issue which can be exploited remotely from any part of the world without any authorization—regardless of which handsets or mobile operating systems victims are using. WIB SIM ToolKit Also Leads To SimJacker Attacks Following the Simjacker revelation, Lakatos, a researcher at Ginno Security Lab, reached out to The Hacker News earli...
New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

New SIM Card Flaw Lets Hackers Hijack Any Phone Just By Sending SMS

Sep 12, 2019
Cybersecurity researchers today revealed the existence of a new and previously undetected critical vulnerability in SIM cards that could allow remote attackers to compromise targeted mobile phones and spy on victims just by sending an SMS. Dubbed " SimJacker ," the vulnerability resides in a particular piece of software, called the S@T Browser (a dynamic SIM toolkit), embedded on most SIM cards that is widely being used by mobile operators in at least 30 countries and can be exploited regardless of which handsets victims are using. What's worrisome? A specific private company that works with governments is actively exploiting the SimJacker vulnerability from at least the last two years to conduct targeted surveillance on mobile phone users across several countries. S@T Browser , short for SIMalliance Toolbox Browser, is an application that comes installed on a variety of SIM cards, including eSIM, as part of SIM Tool Kit (STK) and has been designed to let mobile...
cyber security

Free Tool: Help Desk Verification Codes

websitePush SecurityThreat Detection / Identity Security
Get secure, rotating codes in employee browsers to verify their identity and stop Scattered Spider breaches.
BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

BaitTrap: Over 17,000 Fake News Websites Caught Fueling Investment Fraud Globally

Jul 08, 2025Financial Scams / Online Security
A newly released report by cybersecurity firm CTM360 reveals a large-scale scam operation utilizing fake news websites—known as Baiting News Sites (BNS)—to deceive users into online investment fraud across 50 countries. These BNS pages are made to look like real news outlets: CNN, BBC, CNBC, or regional media. They publish fake stories that feature public figures, central banks, or financial brands, all claiming to back new ways to earn passive income. The goal? Build trust quickly and steer readers toward professional-looking scam platforms like Trap10, Solara Vynex, or Eclipse Earn. Scammers use sponsored ads on Google, Meta, and blog networks to push traffic to these sites. Ads often carry clickbait headlines—"You won't believe what a prominent public figure just revealed"—paired with official photos or national flags to make them feel legit. Clicking the ad directs users to a fake article, which then redirects them to a fraudulent trading platform. Many of these scams follow a...
Expert Insights Articles Videos
Cybersecurity Resources