
Tag

#ios

Update your Android! Google patches 111 vulnerabilities, 2 are critical

Google has issued updates to patch a whopping 111 Android vulnerabilities, including two actively exploited ones.

Malwarebytes

Governance-Driven Automation: How Flowable Is Redefining Digital Process Management

A newly published independent research report highlights Flowable’s rise in the digital process automation market. Built on open-source…

Detecting Data Leaks Before Disaster

In January 2025, cybersecurity experts at Wiz Research found that Chinese AI specialist DeepSeek had suffered a data leak, putting more than 1 million sensitive log streams at risk. According to the Wiz Research team, they identified a publicly accessible ClickHouse database belonging to DeepSeek. This allowed “full control over database operations, including the ability to access

PayPal users targeted in account profile scam

A highly sophisticated email scam is targeting PayPal users with the subject line of "Set up your account profile."

What Is a Passkey? Here’s How to Set Up and Use Them (2025)

Passkeys were built to enable a password-free future. Here's what they are and how you can start using them.

CISA Adds TP-Link and WhatsApp Flaws to KEV Catalog Amid Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a high-severity security flaw impacting TP-Link TL-WA855RE Wi-Fi Ranger Extender products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability, CVE-2020-24363 (CVSS score: 8.8), concerns a case of missing authentication that could be abused to obtain

GHSA-9gh8-9r95-3fc3: MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction

### Summary

The vulnerability allows any user to overwrite any files available under the account privileges of the running process.

### Details

As part of static analysis, iOS MobSF supports loading and parsing statically linked libraries (`.a`). When parsing such archives, the code extracts the embedded objects to the file system in the working directory of the analysis. The problem is that the current implementation does not prohibit absolute file names inside `.a`. If an archive item has a name like `/abs/path/to/file`, the resulting path is constructed as `Path(dst) / name`; for absolute paths, this leads to a complete substitution of the destination directory: writing occurs directly to the specified absolute path (outside the working directory). Thus, an authenticated user who uploaded a specially prepared `.a` can write arbitrary files to any directory writable by the user of the MobSF process (for example, `/tmp`, neighboring directories inside `~/.MobSF`, etc.). Th...

Tax refund scam targets Californians

Californians are receiving scammy text messages that tell them they're owed a tax refund. Don't click any links or reply!

WhatsApp fixes vulnerability used in zero-click attacks

WhatsApp has patched a vulnerability that was used in conjunction with an Apple vulnerability in zero-click attacks.

How to set up two-step verification on your WhatsApp account

This guide gives step-by-step instructions on how to enable two-step verification for WhatsApp on Android, iOS, and iPadOS.