Wiz + Spotify Backstage: Security at the Developer’s Desk
Bring Wiz Issues directly into Backstage, so developers can act on security issues in the tools they use every day...
Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion
Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music...
A week in security (December 22 – December 28)
Last week on Malwarebytes Labs: Pornhub tells users to expect sextortion emails after data exposure; Hacktivists claim near-total Spotify music scrape. Stay safe! We don't just report on threats—we help safeguard your entire digital identity. Cybersecurity risks should never spread beyond a headlin...
Hacktivists claim near-total Spotify music scrape
Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files...
[SECURITY] Fedora 42 Update: python-spotipy-2.25.2-1.fc42
A light weight Python library for the Spotify Web API...
[SECURITY] Fedora 41 Update: python-spotipy-2.25.2-1.fc41
A light weight Python library for the Spotify Web API...
[SECURITY] Fedora 43 Update: python-spotipy-2.25.2-1.fc43
A light weight Python library for the Spotify Web API...
EUVD-2025-199770
Spotipy has an XSS vulnerability in its OAuth callback server...
Spotipy Cross-Site Scripting Vulnerability
Spotipy is a lightweight Python library for the Spotify Web API, maintained by the individual developer spotipy-dev. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2, which stems from the OAuth callback server failing to properly sanitize parameters, which could lead to a...
EUVD-2017-8902
Malware in sbrugna...
EUVD-2018-11805
Malware in sbrugna...
EUVD-2023-48504
Malicious code in bioql PyPI...
EUVD-2021-28081
Malicious code in bioql PyPI...
EUVD-2025-5469
Malicious code in bioql PyPI...
EUVD-2025-29012
Malicious code in bioql PyPI...
EUVD-2024-25314
Malicious code in bioql PyPI...
EUVD-2022-6928
Malicious code in bioql PyPI...
OSV-2025-765 Security exception in com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=446027675 Crash type: Security exception Crash state: com.spotify.docker.client.shaded.com.fasterxml.jackson.databind.util.TokenBuffer java.base/java.lang.StringUTF16.newBytesFor java.base/java.lang.StringUTF16.toBytes...
CVE-2025-9879
The Spotify Embed Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotify' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...