Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Chrome fixes 6 security vulnerabilities. Get the update now!

Google has released an update for its Chrome browser to patch six security vulnerabilities including one zero-day.

Malwarebytes
Open in Source
#vulnerability#web#android#mac#windows#google#linux#zero_day#chrome#firefox
BADBOX 2.0 Found Preinstalled on Android IoT Devices Worldwide

BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity.

Dating app scammer cons former US army colonel into leaking national secrets

A former US army colonel faces up to ten years in prison after revealing national secrets on a foreign dating app.

New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code

Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package name: A benign "decoy" app that's hosted on the Google Play Store and its evil twin, which is

Altered Telegram App Steals Chinese Users' Android Data

Using more than 600 domains, attackers entice Chinese-speaking victims to download a vulnerable Telegram app that is nearly undetectable on older versions of Android.

Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users.

Hitachi Energy Asset Suite

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.1 ATTENTION: Exploitable remotely/low attack complexity Vendor: Hitachi Energy Equipment: Energy Asset Suite Vulnerabilities: Incomplete List of Disallowed Inputs, Plaintext Storage of a Password, Out-of-bounds Write, Release of Invalid Pointer or Reference 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to gain unauthorized access to the target equipment, perform remote code executions, or escalate privileges. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS Hitachi Energy reports that the following products are affected: Asset Suite AnyWhere for Inventory (AWI) Android mobile app: Versions 11.5 and prior (CVE-2019-9262, CVE-2019-9429, CVE-2019-9256, CVE-2019-9290) Asset Suite 9 series: Version 9.6.4.4 (CVE-2025-1484, CVE-2025-2500) Asset Suite 9 series: Version 9.7 (CVE-2025-2500) 3.2 VULNERABILITY OVERVIEW 3.2.1 INCOMPLETE LIST OF DISALLOWED INPUTS CWE-184 A vulnerability exists in the media upload compon...

Anatsa Android Banking Trojan Hits 90,000 Users with Fake PDF App on Google Play

Cybersecurity researchers have discovered an Android banking malware campaign that has leveraged a trojan named Anatsa to target users in North America using malicious apps published on Google's official app marketplace. The malware, disguised as a "PDF Update" to a document viewer app, has been caught serving a deceptive overlay when users attempt to access their banking application, claiming

No thanks: Google lets its Gemini AI access your apps, including messages

Google says it's Gemini AI will soon be able to access your messages, WhatsApp, and utilities on your phone. But we're struggling to see that as a good thing.

Pakistan’s Transparent Tribe Hits Indian Defence with Linux Malware

Pakistan’s APT36 Transparent Tribe uses phishing and Linux malware to target Indian defence systems running BOSS Linux says Cyfirma.