CVE-2020-12731

The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications...

A week in security (November 3 – November 9)

Last week on Malwarebytes Labs: Malwarebytes scores 100% in AV-Comparatives Stalkerware Test 2025 Fake CAPTCHA sites now have tutorial videos to help victims install malware Hackers commit highway robbery, stealing cargo and goods Android malware steals your card details and PIN to make instant A...

EUVD-2023-25614

Malicious code in bioql PyPI...

EUVD-2025-26855

Malicious code in bioql PyPI...

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2025-26427

CVE-2025-26427 affects Google Android Framework; a path traversal error in multiple locations can grant local escalation of privilege. Exploitation requires user interaction, with no additional execution privileges needed. According to the Android bulletin, this issue is addressed in patch levels...

CVE-2025-26427

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

ASB-A-200034476

In multiple locations, there is a possible Android/data access due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2023-3736

Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. Chromium security severity: Medium...

Google Android 数据伪造问题漏洞

Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability, which is caused by improper use of cryptocurrency. An attacker can exploit the vulnerability to gain elevated privileges...

TikTok Surreptitiously Collected Android User Data Using Google-Prohibited Tactic

TikTok has been collecting unique identifiers from millions of Android devices without their users’ knowledge using a tactic previously prohibited by Google because it violated people’s privacy, new research has found. Click to register! The app concealed the practice, which can track users onlin...

Andriller - Software Utility With A Collection Of Forensic Tools For Smartphones

Andriller - is software utility with a collection of forensic tools for smartphones. It performs read-only, forensically sound, non-destructive acquisition from Android devices. It has features, such as powerful Lockscreen cracking for Pattern, PIN code, or Password; custom decoders for Apps data...

Qualcomm Chip Flaws Let Hackers Steal Private Data From Android Devices

Hundreds of millions of devices, especially Android smartphones and tablets, using Qualcomm chipsets, are vulnerable to a new set of potentially serious vulnerabilities. According to a report cybersecurity firm CheckPoint shared with The Hacker News, the flaws could allow attackers to steal...

CVE-2011-1717

Skype for Android stores sensitive user data without encryption in sqlite3 databases that have weak permissions, which allows local applications to read user IDs, contacts, phone numbers, date of birth, instant message logs, and other private information...