CVE-2025-50053

CVE-2025-50053 affects the WordPress Blappsta Mobile App Plugin and related native mobile apps (iPhone/Android) up to version 0.8.8.8. The issue is a Reflected Cross-Site Scripting (XSS) flaw caused by improper input neutralization during web page generation, enabling injected scripts in pages vi...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-993011)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993011 advisory. In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Google Android

Khora Exploit Framework v2.0 ============================ Mod...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992285)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992285 advisory. In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to a VMA outside of the...

⚡ Weekly Recap: MongoDB Attacks, Wallet Breaches, Android Spyware, Insider Crime & More

Last week's cyber news in 2025 was not about one big incident. It was about many small cracks opening at the same time. Tools people trust every day behave in unexpected ways. Old flaws resurfaced. New ones were used almost immediately. A common theme ran through it all in 2025. Attackers moved...

Malware in 2025 spread far beyond Windows PCs

This blog is part of a series highlighting new and concerning trends we noticed over the last year. Trends matter because they almost always provide a good indication of what 's coming next. If there’s one thing that became very clear in 2025, it’s that malware is no longer focused on Windows...

CVE-2025-57840

ADBAndroid Debug Bridge is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

CVE-2022-50778

In the Linux kernel, the following vulnerability has been resolved: fortify: Fix compiletimestrlen under UBSANBOUNDSLOCAL With CONFIGFORTIFY=y and CONFIGUBSANLOCALBOUNDS=y enabled, we observe a runtime panic while running Android's Compatibility Test Suite's CTS android.hardware.input.cts.tests...

CVE-2025-57840

ADBAndroid Debug Bridge is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

CVE-2025-57840

CVE-2025-57840 affects ADB (Android Debug Bridge). The root cause is a type privilege bypass in ADB, with potential impact on service availability. Documented data lists a low CVSS v3.1 score (2.2, Local exploit, High complexity, Low privileges required, User interaction required) but no concrete...

CVE-2025-57840 Privilege Bypass in ADB

ADBAndroid Debug Bridge is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

EUVD-2025-205061

ADBAndroid Debug Bridge is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

CVE-2025-57840 Privilege Bypass in ADB

ADBAndroid Debug Bridge is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability...

PT-2025-52871

Name of the Vulnerable Software and Affected Versions ADB Android Debug Bridge affected versions not specified Description ADB Android Debug Bridge is susceptible to a type privilege bypass issue. Successful exploitation of this issue could lead to service availability problems. Recommendations A...

LLM-Driven Feature-Level Adversarial Attacks on Android Malware Detectors

The rapid growth in both the scale and complexity of Android malware has driven the widespread adoption of machine learning ML techniques for scalable and accurate malware detection. Despite their effectiveness, these models remain vulnerable to adversarial attacks that introduce carefully crafte...

@acabai/android (>=1.0.0 <=2.0.6), @acabai/core (>=1.0.0 <=1.0.6) +930 more potentially affected by CVE-2025-68665 via @langchain/core (>=0.0.0 <=0.3.8)

@langchain/core NPM version =0.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.1, =0.0.6, =1.0.5, =0.1.2, =0.0.1, =1.2.27, =0.1.7, =3.0.0-beta.65.0, =8.0.0, =10.0.0, =11.0.0 and more Source cves: CVE-2025-68665 Source advisory: OSV:GHSA-R399-636X-V7F6...

Better Call Graphs: A New Dataset of Function Call Graphs for Malware Classification

Function call graphs FCGs have emerged as a powerful abstraction for malware detection, capturing the behavioral structure of applications beyond surface-level signatures. Their utility in traditional program analysis has been well established, enabling effective classification and analysis of...

Frogblight Malware Targets Android Users With Fake Court and Aid Apps

Kaspersky warns of 'Frogblight,' a new Android malware draining bank accounts in Turkiye. Learn how this 'court case' scam steals your data and how to stay safe...

⚡ Weekly Recap: Firewall Exploits, AI Data Theft, Android Hacks, APT Attacks, Insider Leaks & More

Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They're going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn't just one major attack, but...

A week in security (December 15 &#8211; December 21)

Last week on Malwarebytes Labs: CISA warns ASUS Live Update backdoor is still exploitable, seven years on The ghosts of WhatsApp: How GhostPairing hijacks accounts Chrome extension slurps up AI chats after users installed it for privacy Two Chrome flaws could be triggered by simply browsing the...