Security
Headlines
HeadlinesLatestCVEs

Tag

#android

Tile Tracking Tags Can Be Exploited by Tech-Savvy Stalkers, Researchers Say

A team of researchers found that, by not encrypting the data broadcast by Tile tags, users could be vulnerable to having their location information exposed to malicious actors.

Wired
Open in Source
#android#mac#apple#google#amazon#git#perl#samsung#dell
A week in security (September 22 – September 28)

A list of topics we covered in the week of September 22 to September 28 of 2025

Vane Viper Generates 1 Trillion DNS Queries to Power Global Malware and Ad Fraud Network

The threat actor known as Vane Viper has been outed as a purveyor of malicious ad technology (adtech), while relying on a tangled web of shell companies and opaque ownership structures to deliberately evade responsibility. "Vane Viper has provided core infrastructure in widespread malvertising, ad fraud, and cyberthreat proliferation for at least a decade," Infoblox said in a technical report

Threatsday Bulletin: Rootkit Patch, Federal Breach, OnePlus SMS Leak, TikTok Scandal & More

/* ===== Container ===== */ .td-wrap {} /* ===== Section ===== */ .td-section { } .td-title { margin: 16px 0 4px; font-size: 32px; line-height: 1.2; font-weight: 800; } .td-subtitle { margin: 0 0 24px; color: #64748b; font-size: 16px; } /* ===== Timeline ===== */ .td-timeline { position: relative; margin: 0 !important;padding: 0!important; list-style: none; } /* spine */ .td-timeline:before {

GHSA-54j7-grvr-9xwg: Command Injection in adb-mcp MCP Server

# Command Injection in adb-mcp MCP Server The MCP Server at https://github.com/srmorete/adb-mcp is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementation. The MCP Server is also published publicly to npm at www.npmjs.com/package/adb-mcp and allows users to install it. ## Vulnerable tool The MCP Server defines the function `executeAdbCommand()` which executes commands via string as a parameter and wraps the promise-based `exec` function. The MCP Server then exposes the tool `inspect_ui` which relies on Node.js child process API `exec` (through the function wrapper) to execute the Android debugging command (`adb`). Relying on `exec` is an unsafe and vulnerable API if concatenated with untrusted user input. Data flows from the tool definition [here](https://github.com/srmorete/adb-mcp/blob/master/src/index.ts#L334-L343) which takes in `args.device` and calls `execPromise()` in [this definiti...

Malwarebytes for Teams now includes VPN

Malwarebytes for Teams now includes personal VPN to encrypt your traffic and broaden your access across the web.

How to Use 1Password's Travel Mode at the Border (2025)

Travel Mode not only hides your most sensitive data—it acts as if that data never existed in the first place.

How Major SOCs Achieve Early Threat Detection in 3 Steps

Every SOC leader understands that faster threat detection is better. But the difference between knowing it and building…

Scammers are impersonating the FBI to steal your personal data

Been invited to report a scam to the FBI? Beware of fake versions of the IC3 website—they lead straight back to the scammers.

Beware of Zelle transfer scams

Zelle scams are back, or perhaps they never went away. Here's what to look out for.