Security
Headlines
HeadlinesLatestCVEs

Tag

#git

Google’s Advanced Protection for Vulnerable Users Comes to Android

A new extra-secure mode for Android 16 will let at-risk users lock their devices down.

Wired
Open in Source
#vulnerability#web#ios#android#mac#apple#google#microsoft#git#java#buffer_overflow#chrome
Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud

Android’s “Scam Detection” protection in Google Messages will now be able to flag even more types of digital fraud.

iClicker Website Hacked with Fake CAPTCHA in ClickFix Attack

Popular student engagement platform iClicker’s website was compromised with a ClickFix attack. A fake “I’m not a robot”…

GHSA-98cv-wqjx-wx8f: sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders

### Summary Users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. ### PoC As root: ``` # mkdir /tmp/foo # chmod a-rwx /tmp/foo # touch /tmp/foo/secret_file ``` As a user without any (or limited) sudo rights: ``` $ sudo --list /tmp/foo/nonexistent_file sudo-rs: '/tmp/foo/nonexistent_file': command not found $ $ sudo --list /tmp/foo/secret_file sudo-rs: Sorry, user eve may not run sudo on host. ``` I.e. the user can distinguish whether files exist. ### Related Original sudo (vulnerable version tested by us: 1.9.15p5) exhibited similar behaviour for files with the executable bit set. ### Impact Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. ### Credits This issue was identified by sudo-rs developer Ma...

An $8.4 Billion Chinese Hub for Crypto Crime Is Incorporated in Colorado

Before a crackdown by Telegram, Xinbi Guarantee grew into one of the internet’s biggest markets for Chinese-speaking crypto scammers and money laundering. And all registered to a US address.

Roblox Lawsuit Claims Hidden Tracking Used to Monetize Kids Data

Roblox hit with class action over alleged secret tracking of kids’ data; lawsuit claims privacy law violations and…

Practical Ways to Improve Your Digital Efficiency

Optimizing your online productivity is more important than ever. Whether you’re a business owner, freelancer, or simply someone…

Anonymous Hackers Steal Flight Data from US Deportation Airline GlobalX

A hacker group claiming affiliation with Anonymous says it breached GlobalX Airlines, leaking sensitive flight and passenger data…

GHSA-2487-9f55-2vg9: OZI-Project/ozi-publish Code Injection vulnerability

### Impact Potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. ### Patches This is patched in 1.13.6 ### Workarounds Downgrade to <1.13.2 ### References * [Understanding the Risk of Script Injections](https://docs.github.com/en/actions/security-for-github-actions/security-guides/security-hardening-for-github-actions#understanding-the-risk-of-script-injections)

FakeUpdates, Remcos, AgentTesla Top Malware Charts in Stealth Attack Surge

Check Point’s April 2025 malware report reveals increasingly sophisticated and hidden attacks using familiar malware like FakeUpdates, Remcos,…