Tag
#ios
To reduce the number of harmful apps targeting Android users, Google is making some changes.
TheTruthSpy is at it again. A security researcher has discovered a flaw in the Android-based stalkerware that allows anyone to compromise any record in the system.
Researchers have found 77 malicious apps in the official Google Play Store, ranging from adware to state-of-the-art banking Trojans.
## Summary

A format string bug vulnerability exists in the `InterpretImageFilename` function where user input is directly passed to `FormatLocaleString` without proper sanitization. An attacker can overwrite arbitrary memory regions, enabling a wide range of attacks from heap overflow to remote code execution.

## Details

### root cause

```
MagickExport size_t InterpretImageFilename(const ImageInfo *image_info,
  Image *image,const char *format,int value,char *filename,
  ExceptionInfo *exception)
{
  ...
  while ((cursor=strchr(cursor,'%')) != (const char *) NULL)
  {
    const char *q = cursor;
    ssize_t offset = (ssize_t) (cursor-format);
    cursor++; /* move past '%' */
    if (*cursor == '%')
      {
        /* Escaped %%. */
        cursor++;
        continue;
      }
    /* Skip padding digits like %03d. */
    if (isdigit((int) ((unsigned char) *cursor)) != 0)
      (void) strtol(cursor,(char **) &cursor,10);
    switch (*cursor) ...
```
Development teams worldwide spend countless hours wrestling with the same persistent challenges: tight deadlines, resource constraints, and the…
At Microsoft, securing the ecosystem means more than just fixing bugs—it means proactively hunting for variant classes, identifying systemic weaknesses, and working across teams to protect customers before attackers ever get the chance. This blog highlights one such effort: a deep dive into the risks of misconfigured postMessage handlers across Microsoft services and how MSRC worked with engineering teams to mitigate them.
CTM360 research reveals how scammers hook their victims through manipulative traps built on AI, stolen data, and brand…
Apple fixes CVE-2025-43300, a flaw letting hackers hijack devices via malicious images. Users urged to update iPhone, iPad,…
Plus: Google wants billions of Chrome users to install an emergency fix, Kristi Noem is on the move, and North Korean IT workers are everywhere.
Apple has released security updates to patch a zero-day vulnerability tracked as CVE-2025-43300 for all platforms.