EUVD-2025-203829

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo C210 V.1.8 app on iOS and Android, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

CVE-2025-14553

Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged...

EUVD-2019-18182

Malware in sbrugna...

EUVD-2016-7462

Malware in sbrugna...

EUVD-2016-7461

Malware in sbrugna...

August 19, 2025—KB5066188 (OS Builds 19044.6218 and 19045.6218) Out-of-band

August 19, 2025—KB5066188 OS Builds 19044.6218 and 19045.6218 Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed...

Meta accuses apps of stealing WhatsApp accounts

Meta is attempting to clamp down on rogue WhatsApp-styled applications which originate from China. Bleeping Computer reports that no fewer than one million WhatsApp accounts have been compromised, allegedly as a result of using these apps which are claimed to bundle malware. Dubious apps The apps...

Riltok mobile Trojan: A banker with global reach

Riltok is one of numerous families of mobile banking Trojans with standard for such malware functions and distribution methods. Originally intended to target the Russian audience, the banker was later adapted, with minimal modifications, for the European "market." The bulk of its victims more tha...

A week in security (November 5 – 11)

Last week on Malwarebytes Labs, we looked at browser lockers that fly under the radar with complete obfuscation, transport and logistics in our series about compromising vital infrastructure, Google logins now requiring JavaScript, how to create a sticky cybersecurity training program, and an...

New Android API Lets Developers Push Updates Within their Apps

You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along...

New Android API Lets Developers Push Updates Within their Apps

You might have read somewhere online today that Google is granting Android app developers powers to forcefully install app updates…but it is not true. Instead, the tech giant is providing a new feature that will help users to have up-to-date Android apps all the time and yes, it's optional. Along...

iPhone Hacking Campaign Using MDM Software Is Broader Than Previously Known

India-linked highly targeted mobile malware campaign, first unveiled two weeks ago, has been found to be part of a broader campaign targeting multiple platforms, including windows devices and possibly Android as well. As reported in our previous article, earlier this month researchers at Talos...

Microsoft Windows 10: Download Mode

This test checks the setting for policy OpenVAS Vulnerability Test $Id: windownloadmode.nasl 10989 2018-08-15 14:57:51Z emoss $ Check value for Download Mode Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can...

Affect tens of millions of APP the Android APP“parasitic beast”vulnerability technical analysis-vulnerability warning-the black bar safety net

3 6 0 mobile security research team vulpecker recently discovered a new Android app security vulnerabilities, the market tens of millions of apps are affected by the vulnerability. The vulnerability once attacker, it can be directly on the user's mobile phone implanted Trojans to steal the user's...

Google Play Store Update Allows Apps to Silently Gain Control of Your Device

Google just made a huge change to the way application permissions work on Android devices which has left a potential door open to malicious app developers and hackers. Google narrows down Android's 145 permissions into 13 broad categories and groups app permissions into 'groups of related...

Another Master Key vulnerability discovered in Android 4.3

Earlier this year, in the month of July it was first discovered that 99% of Android devices are vulnerable to a flaw called "Android Master Key vulnerability" that allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be us...