Security
Headlines
HeadlinesLatestCVEs

Tag

#android

What does Google know about me? (Lock and Code S06E21)

This week on the Lock and Code podcast… Google is everywhere in our lives. It’s reach into our data extends just...

Malwarebytes
Open in Source
#web#android#google#chrome
Chinese gangs made over $1 billion targeting Americans with scam texts

Chinese gangs are using US SIM farms and money mules to run industrial-scale text scams that steal and launder Americans’ card data.

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More

It’s easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn’t just patching fast, but watching smarter and staying alert for what you don’t expect. Here’s a quick look at this week’s top threats, new tactics, and security stories shaping

Hackers Dox ICE, DHS, DOJ, and FBI Officials

Plus: A secret FBI anti-ransomware task force gets exposed, the mystery of the CIA’s Kryptos sculpture is finally solved, North Koreans busted hiding malware in the Ethereum blockchain, and more.

Ilevia EVE X1 Server 4.7.18.0.eden Parameter Traversal Arbitrary File Access

An unauthenticated absolute and relative path traversal vulnerability exists in the smart home/building automation platform via the /ajax/php/get_file_content.php endpoint. By supplying a crafted 'file' POST parameter, a remote attacker can read arbitrary files from the server's file system, resulting in sensitive information disclosure.

Ilevia EVE X1 Server 4.7.18.0.eden (mbus) Unauthenticated Remote Command Injection

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'mbus_file' and 'mbus_csv' HTTP POST parameters through /ajax/php/mbus_build_from_csv.php script.

Ilevia EVE X1 Server 4.7.18.0.eden Unauthenticated Reflected XSS

Input passed to the GET parameter 'error' is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML/JS code in a user's browser session in context of an affected site.

Video call app Huddle01 exposed 600K+ user logs

Privacy left the chat. A misconfigured Kafka broker effectively undid the anonymity many users rely on.

ThreatsDay Bulletin: $15B Crypto Bust, Satellite Spying, Billion-Dollar Smishing, Android RATs & More

The online world is changing fast. Every week, new scams, hacks, and tricks show how easy it’s become to turn everyday technology into a weapon. Tools made to help us work, connect, and stay safe are now being used to steal, spy, and deceive. Hackers don’t always break systems anymore — they use them. They hide inside trusted apps, copy real websites, and trick people into giving up control

TikTok scam sells you access to your own fake money

We dive into the “last goodbye” messages sent via TikTok that lead victims to a crypto paywall scam.