#android

Scammers are using the age old tactic of scaring victims into clicking by sending out fake product recall messages from Amazon.

**According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability?** The attacker is only able to modify the content of the vulnerable link to redirect the victim to a malicious site.

User interface (ui) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Dreame Technology Equipment: Dreamehome and MOVAhome mobile applications Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the Dreame and MOVA mobile apps are affected: Dreamehome iOS app: Versions 2.3.4 and prior Dreamehome Android app: Versions 2.1.8.8 and prior MOVAhome iOS app: Versions 1.2.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens. CVE-2025-8393 has bee...

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

Google has patched 6 vulnerabilities in Android including two critical ones, one of which can compromise a device without the user needing to do anything.

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479

Receiving an unexpected package in the post is not always a pleasant surprise.

Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic