Inside a fake Google security check that becomes a browser RAT

A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...

EUVD-2020-3264

Malware in sbrugna...

EUVD-2019-6476

Malware in sbrugna...

EUVD-2021-16418

Malware in sbrugna...

EUVD-2023-30610

Malicious code in bioql PyPI...

EUVD-2025-14894

Malicious code in bioql PyPI...

CVE-2021-29959

When a user has already allowed a website to access microphone and camera, disabling camera sharing would not fully prevent the website from re-enabling it without an additional prompt. This was only possible if the website kept recording with the microphone until re-enabling the camera. This...

CVE-2019-15743

The Sony Xperia Touch Android device with a build fingerprint of Sony/blancwindy/blancwindy:7.0/LOIRE-SMART-BLANC-1.0.0-170530-0834/1:user/dev-keys contains a pre-installed app with a package name of com.sonymobile.android.maintenancetool.testmic app versionCode=24, versionName=7.0 that allows...

CVE-2019-15470

The Xiaomi Redmi Note 6 Pro Android device with a build fingerprint of xiaomi/tulip/tulip:8.1.0/OPM1.171019.011/V10.2.2.0.OEKMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=27, versionName=8.1.0 that allows other...

CVE-2024-58101

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity...

SAMSUNG Galaxy Buds 安全漏洞

SAMSUNG Galaxy Buds is a wireless Bluetooth headset from South Korea's Samsung SAMSUNG that supports active noise cancellation and voice assistant. A security vulnerability exists in SAMSUNG Galaxy Buds, which stems from a default Bluetooth pairing mode that may result in audio takeover or...

CVE-2024-58101

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity...

CVE-2024-58101

Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity...

CVE-2024-58101

CVE-2024-58101 affects Samsung Galaxy Buds and Galaxy Buds 2. The issue arises because Bluetooth pairing is enabled by default, allowing pairings without user input or an option to disable this mode. Impact described in sources includes potential audio playback takeover and microphone recording w...

Stealth Soldier: A New Custom Backdoor Targets North Africa with Espionage Attacks

A new custom backdoor dubbed Stealth Soldier has been deployed as part of a set of highly-targeted espionage attacks in North Africa. "Stealth Soldier malware is an undocumented backdoor that primarily operates surveillance functions such as file exfiltration, screen and microphone recording,...

CloudWizard APT: the bad magic story goes on

In March 2023, we uncovered a previously unknown APT campaign in the region of the Russo-Ukrainian conflict that involved the use of PowerMagic and CommonMagic implants. However, at the time it was not clear which threat actor was behind the attack. Since the release of our report about...

Australian Hacker Charged with Creating, Selling Spyware to Cyber Criminals

A 24-year-old Australian national has been charged for his purported role in the creation and sale of spyware for use by domestic violence perpetrators and child sex offenders. Jacob Wayne John Keen, who currently resides at Frankston, Melbourne, is said to have created the remote access trojan R...

Zulip Desktop License Issue Vulnerability

Zulip Desktop is a desktop version of the team chat application from Zulip USA. An authorization issue vulnerability exists in versions prior to Zulip Desktop 5.0.0, which stems from allowing an attacker to record from a webcam and microphone because of an unprivileged request processor...

CVE-2020-10858

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due to a missing permission request handler...

CVE-2019-15967

A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint CE and Cisco RoomOS Software could allow an authenticated, local attacker to enable audio recording without notifying users. The vulnerability is due to the presence of unnecessary debug commands. An attacker could exploit th...