#android

A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to anyone who asked for it.

Google has patched 47 Android vulnerabilities in its May update, including an actively exploited FreeType vulnerability.

Google has released its monthly security updates for Android with fixes for 46 security flaws, including one vulnerability that it said has been exploited in the wild. The vulnerability in question is CVE-2025-27363 (CVSS score: 8.1), a high-severity flaw in the System component that could lead to local code execution without requiring any additional execution privileges. "The most severe of

TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…

**Vulnerable MobSF Versions:** <= v4.3.2 **Details:** MobSF is a widely adopted mobile application security testing tool used by security teams across numerous organizations. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external vendors. MobSF provides a feature that allows users to upload ZIP files for static analysis. Upon upload, these ZIP files are automatically extracted and stored within the MobSF directory. However, this functionality lacks a check on the total uncompressed size of the ZIP file, making it vulnerable to a ZIP of Death (zip bomb) attack. Due to the absence of safeguards against oversized extractions, an attacker can craft a specially prepared ZIP file that is small in compressed form but expands to a massive size upon extraction. Exploiting this, an attacker can exhaust the serv...

ESET has discovered Spellbinder, a new tool used by the China-linked cyber espionage group TheWizards to conduct AitM…

**Vulnerable MobSF Versions:** <= v4.3.2 **CVSS V4.0 Score:** 8.6 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N) **Details:** A Stored Cross-Site Scripting (XSS) vulnerability has been identified in MobSF versions ≤ 4.3.2. The vulnerability arises from improper sanitization of user-supplied SVG files during the Android APK analysis workflow. When an Android Studio project contains a malicious SVG file as an app icon (e.g path, /app/src/main/res/mipmap-hdpi/ic_launcher.svg), and the project is zipped and uploaded to MobSF, the tool processes and extracts the contents without validating or sanitizing the SVG. Upcon ZIP extraction this icon file is saved by MobSF to: user/.MobSF/downloads/<filename>.svg This file becomes publicly accessible via the web interface at: http://127.0.0.1:8081/download/filename.svg If the SVG contains embedded JavaScript (e.g., an XSS payload), accessing this URL via a browser leads to the execution of the script in the context of th...

Passwords are becoming things of the past. Passkeys are more secure, easier to manage, and speed up the log in process

Researchers found a set of vulnerabilities that puts all devices leveraging Apple's AirPlay at risk.

These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.