Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The last few weeks have marked a chaotic turning point in the mobile threat landscape. We’ve seen mass exploitations across numerous iOS versions by multiple threat actors, driven by sophisticated exploit chains like Coruna and now DarkSword. What makes these threats different is not just their activity, but their trajectory. Until recently, these capabilities were expensive, highly secretive, and limited to a small number of advanced actors. Now, that dynamic has shifted rapidly.

Last week, Google’s Threat Intelligence Group announced the disruption of IPIDEA, one of the largest and most abused residential proxy networks observed in the wild. IPIDEA quietly turned millions of consumer devices into proxy exit nodes, enabling cybercrime, espionage, and botnet activity—while putting users and enterprises at risk. At Lookout, we acted immediately.

If your organization hasn’t encountered a vishing attack yet, it’s probably only a matter of time. Vishing, or voice phishing, is a sophisticated type of social engineering that adds a whole new dimension to common scams. Rather than emails or text messages, threat actors employ phone calls or online voice calls to carry out vishing schemes. Particularly savvy attackers can even copy a real person’s voice to deceive, coerce, or manipulate potential victims.

Mobile security has always been complex, but LLM technology has added a whole new dimension to the field. Behind every popular generative AI (genAI) tool is a comprehensive large language model (LLM) that provides data and parses queries in natural language. When used responsibly, LLMs can be useful tools for ideation and content generation. In the wrong hands, though, LLMs can help threat actors supercharge their social engineering scams.

Over the past few years, artificial intelligence (AI) has supercharged deepfake technology. Creating a fake picture, video, or audio recording of a person used to require a considerable investment of both time and technical skills. Now, generative AI (genAI) platforms can whip up convincing deepfakes in minutes, using only a single photo or short voice clip as a starting point.

If your organization uses a private large language model (LLM), then it’s time to start thinking about countermeasures for jailbreaking. A jailbroken LLM can lead to leaked information, compromised devices, or even a large-scale data breach. Even more troubling: Jailbreaking LLMs is often as simple as feeding them a series of clever prompts. If your customers can access your LLM, your potential risk is even higher.

Generative AI is rapidly transforming the way we work. The large language models (LLMs) that power tools like ChatGPT and Claude are immensely powerful, capable of providing us with research data, detailed insights, and even deep analysis of documents and data sets, all performed through simple, text-based prompts. However, these prompts have unfortunate side effects for the IT professionals assigned to protect sensitive and proprietary data from cyber attacks.

The history of computing is marked by sea change moments; those times when the world seems to shift into a new possibility space almost overnight. ENIAC. The personal computer. The World Wide Web. The smartphone. And now, AI. While the term “AI” has been applied to many new (or re-branded) services and products, the underlying technology that makes most of them feel like magic is the large language model (LLM).

It’s easy to think about securing an organization’s data like building a bank vault. You focus on defenses that are impermeable to unauthorized parties: doors hardened against drills, walls resistant to impacts, and countermeasures for any number of other illicit access methods. Ultimately, you feel confident that only people with the right clearance will get in.

Modern businesses are more reliant on mobile devices than ever before. Employees need smartphones and tablets for communication, productivity, and even security authentication. As remote and hybrid work setups become more common, mobile technology is necessary for keeping workers connected to their organizations. At the same time, these devices expose a weak link in the cybersecurity chain: the human layer.