Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Malwarebytes earns MRG Effitas Android 360° Certificate for mobile threat detection 

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

Malwarebytes
#vulnerability#ios#android#git
Weight loss scams, or why ‘Jodie Foster’ wants me to lose weight

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

Critical Android vulnerabilities patched—update as soon as you can

Google has patched 6 vulnerabilities in Android including two critical ones, one of which can compromise a device without the user needing to do anything.

Google’s August Patch Fixes Two Qualcomm Vulnerabilities Exploited in the Wild

Google has released security updates to address multiple security flaws in Android, including fixes for two Qualcomm bugs that were flagged as actively exploited in the wild. The vulnerabilities include CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), both of which were disclosed alongside CVE-2025-21480 (CVSS score: 8.6), by the chipmaker back in June 2025. CVE-2025-21479

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

Cybersecurity researchers have discovered a nascent Android remote access trojan (RAT) called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, is driven by aggressive campaigns focusing on Spanish and French speakers, indicating a strategic

Apple ID scam leads to $27,000 in-person theft of Ohio man

An Ohio man lost $27,000 after an Apple ID scam text hit his phone. The strangest part? It happened at his doorstep.

That seemingly innocent text is probably a scam

Scammers are using texts that appear to have been sent to a wrong number to get targets to engage in a conversation.

Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauth Code Invasion

The EVE X1 server suffers from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the 'passwd' HTTP POST parameter in /ajax/php/login.php script.

Ilevia EVE X1 Server 4.7.18.0.eden (db_log) Pre-Auth File Disclosure

The controller suffers from an unauthenticated file disclosure vulnerability. Using the 'db_log' POST parameter, attackers can disclose arbitrary files on the affected device and disclose sensitive and system information.