Know your market. Hackers offer what customers want.

https://thehackernews.com/2026/05/fake-call-history-apps-stole-payments.html

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

… "The offending apps, which we named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number," ESET security researcher Lukáš Štefanko said in a report shared with The Hacker News. "To unlock this supposed feature, users are asked to pay -- but all they get in return is randomly generated data."

Why this is still on every auditor’s checklist.

https://thenextweb.com/news/poland-water-treatment-cyberattack-russia-us

Hackers breached five Polish water treatment plants. The attack vector was default passwords. Seventy per cent of American water utilities fail the same test.

… The agency identified two primary attack vectors: passwords that had not been changed from factory defaults and industrial control systems exposed directly to the public internet. Neither vulnerability requires sophisticated tooling to exploit. Both have been documented in cybersecurity advisories for more than a decade.