Security
Headlines
HeadlinesLatestCVEs

Tag

#web

Pre-Installed Malware on Cheap Android Phones Steals Crypto via Fake WhatsApp

Cheap Android phones with preinstalled malware use fake apps like WhatsApp to hijack crypto transactions and steal wallet recovery phrases.

HackRead
Open in Source
#web#android#google#git#sap
GHSA-hmp7-x699-cvhq: Argo Events users can gain privileged access to the host system and cluster with EventSource and Sensor CR

### Summary: A user with permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges. ### Details: The `EventSource` and `Sensor` CRs allow the corresponding orchestrated pod to be customized with `spec.template` and `spec.template.container` (with type `k8s.io/api/core/v1.Container`), thus, any specification under `container` such as `command`, `args`, `securityContext `, `volumeMount` can be specified, and applied to the EventSource or Sensor pod due to the code logic below. ```golang if args.EventSource.Spec.Template != nil && args.EventSource.Spec.Template.Container != nil { if err := mergo.Merge(&eventSourceContainer, args.EventSource.Spec.Template.Container, mergo.WithOverride); err != nil { return nil, err } } ``` With these, A user would be able to gain privileged access to the cluster host, if he/she specified the Even...

GHSA-6rqh-8465-2xcw: Mattermost vulnerable to Incorrect Implementation of Authentication Algorithm

Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot which allows an attacker to login to the bot exactly one time via normal credentials.

GHSA-wwhj-pw6h-f8hw: Mattermost Incorrect Authorization vulnerability

Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.

No, it’s not OK to delete that new inetpub folder

A newly created inetpub folder turns out to be part of a Microsoft update against a vulnerability tracked as CVE-2025-21204

CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide

Despite their hacktivist front, CyberAv3ngers is a rare state-sponsored hacker group bent on putting industrial infrastructure at risk—and has already caused global disruption.

TraderTraitor: The Kings of the Crypto Heist

Allegedly responsible for the theft of $1.5 billion in cryptocurrency from a single exchange, North Korea’s TraderTraitor is one of the most sophisticated cybercrime groups in the world.

Smishing Triad: The Scam Group Stealing the World’s Riches

Millions of scam text messages are sent every month. The Chinese cybercriminals behind many of them are expanding their operations—and quickly innovating.

Malwarebytes named &#8220;Best Antivirus Software&#8221; and &#8220;Best Malware Removal Service&#8221;

Malwarebytes has been rewarded with prestigious accolades by two renowned publications, PCMag and CNET.

Data Breach at Planned Parenthood Lab Partner Exposes Info of 1.6M

Data breach at Laboratory Services Cooperative (LSC) exposed the sensitive health and personal information of 1.6 million individuals…