100 matches found
EUVD-2022-37718
Malicious code in bioql PyPI...
EUVD-2022-50143
Malicious code in bioql PyPI...
EUVD-2023-54043
Malicious code in bioql PyPI...
CVE-2025-10212
The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...
CVE-2025-10212 SiteAlert (Formerly WP Health) <= 1.9.8 - Missing Authorization to Unauthenticated Site Health Information Exposure
The SiteAlert Formerly WP Health plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions in all versions up to, and including, 1.9.8. This makes it possible for unauthenticated attackers to view the site health information, includi...
CVE-2025-10212
CVE-2025-10212 concerns the SiteAlert (Formerly WP Health) WordPress plugin. Connected documents confirm a missing capability check in multiple functions across versions up to and including 1.9.8, allowing unauthenticated access to site health information (e.g., installed/outdated plugins, PHP an...
PT-2025-40469
Name of the Vulnerable Software and Affected Versions SiteAlert Formerly WP Health plugin for WordPress versions through 1.9.8 Description The software is susceptible to unauthorized data access because of a missing capability check in several functions. This allows unauthenticated attackers to...
Google and Flo to pay $56 million after misusing users’ health data
Popular period-tracking app Flo Health shared users’ intimate health data—such as menstrual cycles and fertility information—with Google and Meta, allegedly for targeted advertising purposes, according to multiple class-action lawsuits filed in the US and Canada. Between 2016 and 2019, the...
Malicious code in sutter-health-data-services (npm)
The package sutter-health-data-services was found to contain malicious code...
MAL-2025-34243 Malicious code in sutter-health-data-services (npm)
The package sutter-health-data-services was found to contain malicious code...
Meta accessed women’s health data from Flo app without consent, says court
A jury has ruled that Meta accessed sensitive information from a woman's reproductive health tracking app without consent. The app in question is called Flo Health. Developed in 2015 in Belarus to track menstrual cycles, it has evolved over the years as a tracking app for highly detailed, intimat...
SAMSUNG Health 安全漏洞
SAMSUNG Health is a health management app from Samsung South Korea. A security vulnerability exists in SAMSUNG Health versions prior to 6.30.1.003, which stems from improper authorization and could lead to a local attacker accessing health data...
A week in security (July 28 – August 3)
Last week on Malwarebytes Labs: Apple ID scam leads to $27,000 in-person theft of Ohio man OpenAI kills "short-lived experiment" where ChatGPT chats could be found on Google Trump Administration and Big Tech want you to share your health data Prison visitor details shared with all inmates at...
Trump Administration and Big Tech want you to share your health data
US President Donald Trump announced a loose plan Wednesday to allow Americans to voluntarily upload and port their medical records across hospitals, clinics, technology companies, and health apps, with broad participation from Google, Apple, OpenAI, Amazon, and more. While the system could help...
An Algorithmic Pipeline for GDPR-Compliant Healthcare Data Anonymisation: Moving toward Standardisation
High-quality real-world data RWD is essential for healthcare but must be transformed to comply with the General Data Protection Regulation GDPR. GDPRs broad definitions of quasi-identifiers QIDs and sensitive attributes SAs complicate implementation. We aim to standardise RWD anonymisation for GD...
CVE-2024-23706
In multiple locations, there is a possible bypass of health data permissions due to an improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Blue Shield Leaked Millions of Patient Info to Google for Years
Blue Shield of California exposed the health data of 4.7 million members to Google for years due to…...
CVE-2025-20060 Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android Application Exposure of Private Personal Information to an Unauthorized Actor
An attacker could expose cross-user personal identifiable information PII and personal health information transmitted to the Android device via the Dario Health application database...
A week in security (December 9 – December 15)
Last week on Malwarebytes Labs: Encrypted messaging service intercepted, 2.3 million messages read by law enforcement TikTok ban in US: Company seeks emergency injunction to prevent it Data brokers should stop trading health and location data, new bill proposes Update now! Apple releases new...
Data brokers should stop trading health and location data, new bill proposes
Senators introduced a bill on Tuesday that would prohibit data brokers from selling or transferring location and health data. Data brokers have drawn attention this year by leaking several large databases, with the worst being the National Public Data leak. The data breach made international...