1068 matches found
The vulnerability of the Industrial Edge Device Kit’s software for data collection, processing, and analysis is related to deficiencies in authentication procedures, allowing attackers to circumvent security restrictions.
The vulnerability of the Industrial Edge Device Kit’s software for data collection, processing, and analysis is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to circumvent security restrictions remotely...
Malicious code in f0-data-collection-service-mock (npm)
Source: ghsa-malware (bd259047f778caae5a62f90a3e65d036275f868a44c49abb25887167bbfdda91). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2759 Malicious code in f0-data-collection-service-mock (npm)
Source: ghsa-malware (bd259047f778caae5a62f90a3e65d036275f868a44c49abb25887167bbfdda91). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-27147
The GLPI Inventory Plugin handles various types of tasks for GLPI agents, including network discovery and inventory SNMP, software deployment, VMWare ESX host remote inventory, and data collection files, Windows registry, WMI. Versions prior to 1.5.0 have an improper access control vulnerability...
Moving from WhatsApp to Signal: A good idea?
This week we learned that the US Government uses Signal for communication, after a journalist was accidentally added to a Signal chat. Accidental additions of people aside, the news has got regular folks asking if they should, too, be using Signal for private communications. Probably the largest...
CVE-2025-30810
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection. This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.0.1...
CVE-2025-30810 WordPress Lead Form Data Collection to CRM plugin <= 3.0.1 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smackcoders Inc., Lead Form Data Collection to CRM wp-leads-builder-any-crm allows Blind SQL Injection. This issue affects Lead Form Data Collection to CRM: from n/a through <= 3.0.1...
CVE-2025-27147
The CVE-2025-27147 issue affects the GLPI Inventory Plugin used with GLPI, where versions prior to 1.5.0 contain an improper access control vulnerability. Reported details across connected sources consistently point to an access-control weakness in GLPI Inventory Plugin tasks (network discovery, ...
What Google Chrome knows about you, with Carey Parker (Lock and Code S06E06)
This week on the Lock and Code podcast … Google Chrome is, by far, the most popular web browser in the world. According to several metrics, Chrome accounts for anywhere between 52% and 66% of the current global market share for web browser use. At that higher estimate, that means that, if the 5.5...
Arcane stealer: We want all your data
At the end of 2024, we discovered a new stealer distributed via YouTube videos promoting game cheats. What's intriguing about this malware is how much it collects. It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla...
Linux Distros Unpatched Vulnerability : CVE-2014-5270
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it...
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of...
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies,"...
CVE-2025-26561
creationtimestamp | type | source
---|---|---
2025-02-13 14:17:08+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3li2uvd6kt42h
2025-02-13 14:26:00+00:00 | seen | https://infosec.exchange/users/cve/statuses/113997038228555798
2025-02-13 15:12:21+00:00 | seen | ...
Experts Flag Security, Privacy Risks in DeepSeek AI App
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys,...
Malicious code in lightgboost (PyPI)
Source: kam193 (03aea882aa08832e53ccfb267fe4b95c9ea4f24ea51ceeaaa4a85557e67ce15b). Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...
MAL-2025-191781 Malicious code in lightgboost (PyPI)
Source: kam193 (03aea882aa08832e53ccfb267fe4b95c9ea4f24ea51ceeaaa4a85557e67ce15b). Packages are designed to collect basic info about the user when importing them, and have no other purpose. While they claim to do so, some packages from the sa...
CVE-2024-4341
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users. This issue affects Extreme XDS: before 3928...
CVE-2025-22205
creationtimestamp | type | source
---|---|---
2025-02-04 07:44:02+00:00 | seen | https://infosec.exchange/users/cve/statuses/113944496835291162
2025-02-04 08:17:12+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhdmlfxpnd2j
2025-02-04 10:32:32+00:00 | seen | ...