#ios

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Dreame Technology Equipment: Dreamehome and MOVAhome mobile applications Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could result in unauthorized information disclosure. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of the Dreame and MOVA mobile apps are affected: Dreamehome iOS app: Versions 2.3.4 and prior Dreamehome Android app: Versions 2.1.8.8 and prior MOVAhome iOS app: Versions 1.2.3 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 A TLS vulnerability exists in the phone application used to manage a connected device. The phone application accepts self-signed certificates when establishing TLS communication which may result in man-in-the-middle attacks on untrusted networks. Captured communications may include user credentials and sensitive session tokens. CVE-2025-8393 has bee...

TeaOnHer turns out to be at least as leaky as its female counterpart, Tea Dating Advice app.

Malwarebytes has been awarded the prestigious MRG Effitas Android 360° Certificate, one of the toughest independent tests in mobile security.

Weight loss scams prey on insecurities, and scammers are abusing celebrities and fake news sites to deceive people.

Human judgement remains central to the launch of nuclear weapons. But experts say it’s a matter of when, not if, artificial intelligence will get baked into the world’s most dangerous systems.

Google has patched 6 vulnerabilities in Android including two critical ones, one of which can compromise a device without the user needing to do anything.

Talos reported 5 vulnerabilities to Broadcom and Dell affecting both the ControlVault3 Firmware and its associated Windows APIs that we are calling “ReVault”.

Receiving an unexpected package in the post is not always a pleasant surprise.

We’re thrilled to share that this year, the Microsoft Bounty Program has distributed $17 million to 344 security researchers from 59 countries, the highest total bounty awarded in the program’s history. In close collaboration with the Microsoft Security Response Center (MSRC), these security researchers have helped identify and resolve more than a thousand potential vulnerabilities, strengthening protections for Microsoft customers around the world.

In 2023, Cisco Talos and partners created a special Backdoors & Breaches card deck to help NGOs improve their cybersecurity skills with practical, easy-to-use training tailored to their needs.