#ios

Scammers Steal $1 Million in Crypto Using Fake Delta and AMC Sites

Cybersecurity firm Netcraft has discovered a new task scam cluster that has stolen over $1 million in crypto.…

3 days ago

Libbiosig, Tenda, SAIL, PDF XChange, Foxit vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed ten vulnerabilities in BioSig Libbiosig, nine in Tenda AC6 Router, eight in SAIL, two in PDF-XChange Editor, and one in a Foxit PDF Reader. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in

3 days ago

TALOS

Open in Source

#vulnerability #web #ios #mac #windows #amazon #linux #cisco #dos #java #intel #c++#rce #pdf #bios #buffer_overflow #auth #wifi

Developer verification: a promised lift for Android security

To reduce the number of harmful apps targeting Android users, Google is making some changes.

3 days ago

Malwarebytes

Open in Source

#ios #android #google #amazon #git #botnet #samsung #huawei #xiaomi

More vulnerable stalkerware victims’ data exposed in new TheTruthSpy flaw

TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system.

3 days ago

Malwarebytes

Open in Source

#vulnerability #web #ios #android #git

77 malicious apps removed from Google Play Store

Researchers have found 77 malicious apps in the official Google Play Store, ranging from adware to state of the art banking Trojans.

3 days ago

Malwarebytes

Open in Source

#ios #android #google

GHSA-9ccg-6pjw-x645: ImageMagick has a Format String Bug in InterpretImageFilename leads to arbitrary code execution

## Summary A format string bug vulnerability exists in `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString` without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution. <br> ## Details ### root cause ``` MagickExport size_t InterpretImageFilename(const ImageInfo *image_info, Image *image,const char *format,int value,char *filename, ExceptionInfo *exception) { ... while ((cursor=strchr(cursor,'%')) != (const char *) NULL) { const char *q = cursor; ssize_t offset = (ssize_t) (cursor-format); cursor++; /* move past '%' */ if (*cursor == '%') { /* Escaped %%. */ cursor++; continue; } /* Skip padding digits like %03d. */ if (isdigit((int) ((unsigned char) *cursor)) != 0) (void) strtol(cursor,(char **) &cursor,10); switch (*cursor) ...

4 days ago

ghsa

Open in Source

#vulnerability #web #ios #linux #git #rce

How to Streamline Your Game Development Process: 4 Smart Solutions

Development teams worldwide spend countless hours wrestling with the same persistent challenges: tight deadlines, resource constraints, and the…

5 days ago

HackRead

Open in Source

#ios #android #mac #intel #perl #ssl

postMessaged and Compromised

At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the risks of misconfigured postMessage handlers across Microsoft services and how MSRC worked with engineering teams to mitigate them.

6 days ago

msrc-blog

Open in Source