
75481 matches found

CNNVD
added 2025/10/30 12:0 a.m. | 4 views

Kanova Android App Security Vulnerability

Kanova Android App is a social group application by Kanova. A security vulnerability exists in Kanova Android App version 1.0.27, which stems from improper access control and could lead to unauthorized access to user details and obtain group information...

CVSS 7.5 | AI score 6.6 | EPSS 0.00246
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44431

Name of the Vulnerable Software and Affected Versions: Mobile Scanner version 2.12.38. Description: The Mobile Scanner Android App has a flaw where cloud service credentials are not handled securely. This could allow attackers to gain access to these credentials and perform unauthorized actions. The...

CVSS 7.5 | AI score 6.5 | EPSS 0.00251
Exploits: 0 | References: 5
Cvelist
added 2025/10/30 12:0 a.m. | 6 views

CVE-2025-61121

Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...

EPSS 0.00251
Exploits: 0 | References: 1
CVE
added 2025/10/30 12:0 a.m. | 15 views

CVE-2025-61116

CVE-2025-61116 affects AdForest – Classified Android App, v4.0.12 (package: scriptsbundle.adforest). The vulnerability arises from improper access control in authentication where a Base64-encoded email address is used as the authorization credential, allowing attackers to manipulate credentials a...

CVSS 7.5 | AI score 6.7 | EPSS 0.00299
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44421

Name of the Vulnerable Software and Affected Versions: AdForest - Classified Android App version 4.0.12. Description: The AdForest - Classified Android App has an issue with how it controls access during authentication. The application utilizes a Base64-encoded email address as an authorization...

CVSS 7.5 | AI score 6.9 | EPSS 0.00299
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/30 12:0 a.m. | 5 views

PT-2025-44425

Name of the Vulnerable Software and Affected Versions: Senza versions 2.10.15. Description: The Senza: Keto & Fasting Android App has an issue with how it controls access to user data. Insufficient checks in the app’s API endpoints allow attackers to get authentication tokens and take over accounts...

CVSS 7.5 | AI score 6.7 | EPSS 0.00299
Exploits: 0 | References: 5
Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44420

Name of the Vulnerable Software and Affected Versions: ABC Fine Wine & Spirits Android App versions v.11.27.5 and before. Description: The ABC Fine Wine & Spirits Android App does not properly validate user passwords during authentication, potentially allowing attackers to bypass login checks and...

CVSS 7.5 | AI score 6.5 | EPSS 0.00318
Exploits: 0 | References: 5
HackRead
added 2025/10/29 10:23 p.m. | 3 views

Hackers Use NFC Relay Malware to Clone Tap-to-Pay Android Transactions

A new investigation from mobile security firm Zimperium has revealed a fast-growing cybersecurity threat targeting Android users through…...

AI score 7
Exploits: 0
CNNVD
added 2025/10/29 12:0 a.m. | 1 views

Kingo ROOT Security Vulnerability

Kingo ROOT is a tool from Kingo ROOT for gaining superuser privileges on Android. A security vulnerability exists in Kingo ROOT version 1.5.8.3353, which stems from unquoted service paths and could lead to elevated privileges...

CVSS 7.8 | AI score 8.4 | EPSS 0.00117
Exploits: 0 | References: 2
Packet Storm News
added 2025/10/29 12:0 a.m. | 3 views

APThreatHunter: An Automated Planning-Based Threat Hunting Framework

Cyber attacks threaten economic interests, critical infrastructure, and public health and safety. To counter this, entities adopt cyber threat hunting, a proactive approach that involves formulating hypotheses and searching for attack patterns within organisational networks. Automating cyber thre...

AI score 6.8
Exploits: 0
Packet Storm News
added 2025/10/29 12:0 a.m. | 5 views

An In-Depth Analysis of Cyber Attacks in Secured Platforms

There is an increase in global malware threats. To address this, an encryption-type ransomware has been introduced on the Android operating system. The challenges associated with malicious threats in phone use have become a pressing issue in mobile communication, disrupting user experiences and...

AI score 6.7
Exploits: 0
The Hacker News
added 2025/10/28 4:33 p.m. | 8 views

New Android Trojan 'Herodotus' Outsmarts Anti-Fraud Systems by Typing Like a Human

Cybersecurity researchers have disclosed details of a new Android banking trojan called Herodotus that has been observed in active campaigns targeting Italy and Brazil to conduct device takeover (DTO) attacks. "Herodotus is designed to perform device takeover while making first attempts to mimic...

AI score 6.8
Exploits: 0
NVD
added 2025/10/27 3:15 p.m. | 6 views

CVE-2025-61482

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...

CVSS 7.2 | EPSS 0.00127
Exploits: 0 | References: 2
HackRead
added 2025/10/27 1:25 p.m. | 1 views

New HyperRat Android Malware Sold as Ready-Made Spy Tool

Researchers have uncovered HyperRat, a new Android malware sold as a service, giving attackers remote control, data theft tools, and mass phishing features...

AI score 7.1
Exploits: 0
CVE
added 2025/10/27 12:0 a.m. | 11 views

CVE-2025-61482

The CVE-2025-61482 vulnerability affects privacyIDEA Authenticator for Android (version 4.3.0). A local attacker with root access can bypass two-factor authentication by hooking cryptographic routines and intercepting decryption paths to recover plaintext secrets, enabling generation of valid OTP...

CVSS 7.2 | AI score 6.4 | EPSS 0.00127
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/27 12:0 a.m. | 2 views

CVE-2025-61482

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...

AI score 6.4 | EPSS 0.00127
Exploits: 0 | References: 2
Positive Technologies
added 2025/10/27 12:0 a.m. | 3 views

PT-2025-43966

Name of the Vulnerable Software and Affected Versions: privacyIDEA Authenticator version 4.3.0. Description: A flaw exists in the handling of OTP/TOTP/HOTP values within the privacyIDEA Authenticator application on Android. A local attacker with root access can bypass two-factor authentication by...

CVSS 7.2 | AI score 6.5 | EPSS 0.00127
Exploits: 0 | References: 4
Cvelist
added 2025/10/27 12:0 a.m. | 8 views

CVE-2025-61482

Improper handling of OTP/TOTP/HOTP values in NetKnights GmbH privacyIDEA Authenticator v.4.3.0 on Android allows local attackers with root access to bypass two factor authentication. By hooking into app crypto routines and intercepting decryption paths, attacker can recover plaintext secrets,...

EPSS 0.00127
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/27 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-11718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When the address bar was hidden due to scrolling on Android, a malicious page could create a fake address bar to fool the user in response to a visibilitychange...

CVSS 6.5 | AI score 5.8 | EPSS 0.00192
Exploits: 0 | References: 2
Tenable Nessus
added 2025/10/27 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-11716

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Links in a sandboxed iframe could open an external app on Android without the required allow- permission. This vulnerability was fixed in Firefox 144 and...

CVSS 6.5 | AI score 5.8 | EPSS 0.00214
Exploits: 0 | References: 2