Tag
By Waqas Fortunately, the infected version of Telegram carrying Triada malware is being distributed through third-party stores rather than the official Google Play Store. This is a post from HackRead.com Read the original post: Triada Malware Infects Android Devices via Fake Telegram App
Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.
Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page.
Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.
Businesses operating in the Latin American (LATAM) region are the target of a new Windows-based banking trojan called TOITOIN since May 2023. "This sophisticated campaign employs a trojan that follows a multi-staged infection chain, utilizing specially crafted modules throughout each stage," Zscaler researchers Niraj Shivtarkar and Preet Kamal said in a report published last week. "These modules
By Deeba Ahmed In a newly detected muli-stage vishing campaign attackers are using an advanced toolset dubbed LetsCall, featuring strong evasion tactics. This is a post from HackRead.com Read the original post: Advanced Vishing Attack Campaign “LetsCall” Targets Andriod Users
Two file management apps on the Google Play Store have been discovered to be spyware, putting the privacy and security of up to 1.5 million Android users at risk. These apps engage in deceptive behaviour and secretly send sensitive user data to malicious servers in China. Pradeo, a leading mobile security company, has uncovered this alarming infiltration. The report shows that both spyware apps,
By Waqas @GhostyTongue is a Twitter handle with inside information about the latest Nickelodeon data leak and has been posting clips and screenshots from the leaked data for the past couple of days. This is a post from HackRead.com Read the original post: Nickelodeon Data Leak Labeled ‘Old’: Interview with @GhostyTongue Reveals Inside Info
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between June 30 and July 7. As with previous roundups, this post isn't meant to be an in-depth analysis. Instead, this post will summarize the threats we've observed by highlighting key
CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting providers, like AWS, GCP, and Azure, those metadata services API endpoints are not forbidden (aka "blacklisted") by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue.