From 600 firewalls breached by AI-driven hackers to critical flaws in mental health apps, discover the latest mobile cybersecurity threats, emerging risks from AI prompts, and how to protect your apps and APIs before it’s too late.
AI as a Force Multiplier: 600 Firewalls Breached in 5 Weeks
Amazon has uncovered a massive, AI-powered campaign by a Russian-speaking hacker that compromised over 600 FortiGate firewalls across 55 countries. Rather than using zero-days, the attacker leveraged commercial AI services to automate brute-force attacks and generate custom reconnaissance scripts. By feeding stolen network data into LLMs, the threat actor received step-by-step instructions for lateral movement, effectively using AI to bridge a skill gap and scale a global intrusion. For more details, you can find the full report on the AWS Security Blog or via Bleeping Computer.
Multiple Mental Health Apps Riddled with High Severity Security Flaws
A recent audit of popular mental health apps on Google Play found over 1,500 vulnerabilities that could expose users’ therapy and medical data. Issues like insecure storage, weak encryption, and unsafe app components could let attackers access sessions, messages, and personal health information. With millions of downloads, these apps highlight the urgent need for stronger security in tools handling sensitive personal data.
Approov Named Finalist for 2026 Cybersecurity Company of the Year
We’re excited to share that Approov has been named a finalist for Cybersecurity Company of the Year at the 2026 Scottish Cyber Awards. Our app attestation technology is at the forefront of protecting mobile apps and APIs from fraud, tampering, and abuse, and this nomination underscores the significant impact we’re driving in mobile security across the globe.
As web scraping shifts to AI-powered API harvesting, your mobile app is the primary target for competitors seeking real-time pricing and inventory. These native endpoints expose your core strategic logic to automated extraction that mimics human behavior. Protecting your competitive advantage requires moving beyond simple bot detection to securing the specific business flows that reveal your supply footprint.
Viral AI Prompts: The Next Invisible Threat in Security
Autonomous AI agents now have their own Reddit-style social network, and it is more than weird bot chatter. The Moltbook phenomenon shows how self-replicating, shared AI prompts can spread like malware by exploiting what models do best: follow instructions. Already, major security flaws on such platforms have exposed millions of API keys and private records.
New “Massiv” Android Trojan Uses Fake IPTV Apps for Full Device Takeover
Cybersecurity researchers have identified Massiv, a new Android banking trojan that enables full device takeover and financial theft. Disguised as IPTV apps and spread via SMS phishing, it abuses accessibility services to steal credentials and remotely control devices. ThreatFabric reports infections in Portugal and Greece, as reported in The Hacker News.
You think your mobile app is safe, but smart bots, API abuse, and hidden tampering can still slip past defenses. For over a decade, we’ve helped companies protect users and brands from unsafe mobile apps. Now you can scan your iOS or Android app for free and get a comprehensive security report that reveals real vulnerabilities, business impact, and clear remediation steps with zero false positives.
