PoisonSeed Hackers Bypass FIDO Keys; Iran’s DCHSpy Android Malware Targets Dissidents Via Starlink Apps, Spreads on Telegram

Hackers have developed a new phishing technique called PoisonSeed that bypasses FIDO security keys by exploiting a legitimate cross-device sign-in feature through QR code scanning, allowing attackers to gain full access to protected accounts. Meanwhile, Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) have expanded their Android spyware campaign amid heightened Middle East tensions. The new spyware, known as DCHSpy, disguises itself as Starlink and VPN applications and is capable of hijacking WhatsApp, microphone, camera, files, and location data, likely targeting dissidents following the Israel-Iran conflict. This malware continues to spread primarily via Telegram. Additionally, Chinese-linked hackers have initiated a targeted espionage campaign against African IT infrastructure.