A week in security (March 23 – March 29)

Last week on Malwarebytes Labs: Criminals are renting virtual phones to bypass bank security Bogus Avast website fakes virus scan, installs Venom Stealer instead Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka GlassWorm attack installs fake browser extension for...

CVE-2026-28500

A flaw was found in Open Neural Network Exchange ONNX, an open standard for machine learning interoperability. A security control bypass exists in the onnx.hub.load function due to improper logic in its repository trust verification. An attacker can exploit this by providing a malicious model,...

CVE-2026-28500

Open Neural Network Exchange ONNX is an open standard for machine learning interoperability. In versions up to and including 1.20.1, a security control bypass exists in onnx.hub.load due to improper logic in the repository trust verification mechanism. While the function is designed to warn users...

ONNX Untrusted Model Repository Warnings Suppressed by silent=True in onnx.hub.load() — Silent Supply-Chain Attack

What's the issue Passing silent=True to onnx.hub.load kills all trust warnings and user prompts. This means a model can be downloaded from any unverified GitHub repo with zero user awareness. python if not verifyreporefrepo and not silent: completely skipped when silent=True print"The model repo...

CVE-2025-64106

Cursor is a code editor built for programming with AI. In versions 1.7.28 and below, an input validation flaw in Cursor's MCP server installation enables specially crafted deep-links to bypass the standard security warnings and conceal executed commands from users if they choose to accept the...

EUVD-2006-0771

Malware in sbrugna...

CVE-2002-2351

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." dot...

CVE-2025-46724 Langroid has a Code Injection vulnerability in TableChatAgent

Langroid is a Python framework to build large language model LLM-powered applications. Prior to version 0.53.15, TableChatAgent uses pandas eval. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes...

CVE-2024-13513

creationtimestamp| type| source ---|---|--- 2025-02-15 07:34:52+00:00| seen| https://infosec.exchange/users/cve/statuses/114006746171699870 2025-02-15 08:15:30+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3li7bmj2giw2o 2025-02-15 08:48:20+00:00| seen|...

CVE-2025-20165

creationtimestamp| type| source ---|---|--- 2025-01-22 16:15:22+00:00| seen| https://infosec.exchange/users/screaminggoat/statuses/113872897424390072 2025-01-22 17:01:50+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/2578 2025-01-22 17:15:46+00:00| seen|...

CVE-2023-34398

creationtimestamp| type| source ---|---|--- 2025-01-17 13:35:07+00:00| seen| https://poliverso.org/objects/0477a01e-45ff02b8-52616ac586aa8672 2025-02-13 22:06:49+00:00| seen| https://infosec.exchange/users/cve/statuses/113998850197090508 2025-02-13 22:15:36+00:00| seen|...

New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites

Cybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024. Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the...

New Chrome Feature Scans Password-Protected Files for Malicious Content

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informe...

How to Detect Issuer Certificates and Comply with Google Chrome’s New Entrust Certificate Policy Using Qualys Certificate View

Google has announced that Chrome 127 and higher will no longer trust certain TLS certificates issued by Entrust, effective November 1, 2024. This change is significant and could potentially disrupt businesses relying on Entrust-issued certificates. Google stated that "publicly disclosed incident...

Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal

Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...

A week in security (April 29 – May 5)

Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing...

19 million plaintext passwords exposed by incorrectly configured Firebase instances

Three researchers scanned the internet for vulnerable Firebase instances, looking for personally identifiable information PII. Firebase is a platform for hosting databases, cloud computing, and app development. Its owned by Google and was set up to help developers build and ship apps. What the...

Authorization Bypass

chromium is vulnerable to Authorization Bypasses. This obfuscation vulnerability could be exploited by a malicious website. The vulnerability could allows an attacker to hide security warnings and notifications from the user, making it easier to trick the user into clicking on a malicious link or...

Authorization Bypass

chromium is vulnerable to Authorization Bypasses. This obfuscation vulnerability could be exploited by a malicious website. The vulnerability could allow an attacker to hide security warnings and notifications from the user, making it easier to trick the user into granting permissions that they...

Consensys: CSV Injection at https://assets-paris-demo.codefi.network/

Summary: Hi consensys Security Team. I have found CSV Injection when generate report at https://assets-paris-demo.codefi.network/ CSV Injection, also known as Formula Injection, occurs when websites embed untrusted input inside CSV files. When a spreadsheet program such as Microsoft Excel or...