Tag

#intel

BADBOX 2.0 Found Preinstalled on Android IoT Devices Worldwide

BADBOX variant BADBOX 2.0 found preinstalled on Android IoT devices in 222 countries, turning them into proxy nodes used in fraud and large-scale malicious activity.

HackRead
GHSA-7xwp-2cpp-p8r7: File Browser’s insecure JWT handling can lead to session replay attacks after logout

### Summary

File Browser’s authentication system issues long-lived JWT tokens that remain valid even after the user logs out. Please refer to the CWEs listed in this report for further reference and system standards. In summary, the main issue is:

- Tokens remain valid after logout (session replay attacks)

In this report, I used Docker as the documentation instructs:

```
docker run \
    -v filebrowser_data:/srv \
    -v filebrowser_database:/database \
    -v filebrowser_config:/config \
    -p 8080:80 \
    filebrowser/filebrowser
```

### Details

**Issue: Tokens remain valid after logout (session replay attacks)**

After logging in and receiving a JWT token, the user can explicitly "log out." However, this action does not invalidate the issued JWT. Any captured token can be replayed post-logout until it expires naturally. The backend does not track active sessions or invalidate existing tokens on logout.

Login request:

```
POST /api/login HTTP/1.1
Host: machine.local:8090
Cont...
```

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

A threat activity cluster has been observed targeting fully-patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances as part of a campaign designed to drop a backdoor called OVERSTEP. The malicious activity, dating back to at least October 2024, has been attributed by the Google Threat Intelligence Group (GTIG) to a group it tracks as UNC6148. The tech giant assessed with

Cut Response Time with This Free, Powerful Threat Intelligence Service

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users.

Attackers Abuse AWS Cloud to Target Southeast Asian Governments

The intelligence-gathering cyber campaign introduces the novel HazyBeacon backdoor and uses legitimate cloud communication channels for command-and-control (C2) and exfiltration to hide its malicious activities.

Meme Coins in 2025: High Risk, High Reward, and Rising Security Threats

Meme coins started as internet jokes, but by 2025, they’ve become one of the most volatile and talked-about…

Researchers Jailbreak Elon Musk’s Grok-4 AI Within 48 Hours of Launch

Elon Musk’s Grok-4 AI was compromised within 48 hours. Discover how NeuralTrust researchers combined “Echo Chamber” and “Crescendo”…

Is AI “healthy” to use? (Lock and Code S06E14)

This week on the Lock and Code podcast, we speak with Anna Brading and Zach Hinkle about whether using AI is damaging for our health.