AgentTrust: Runtime Safety Evaluation and Interception for AI Agent Tool Use

Modern AI agents execute real-world side effects through tool calls such as file operations, shell commands, HTTP requests, and database queries. A single unsafe action, including accidental deletion, credential exposure, or data exfiltration, can cause irreversible harm. Existing defenses are...

EUVD-2020-8133

Malware in sbrugna...

CVE-2024-20497

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

CVE-2020-16170

Use of Hard-coded Credentials in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to listen in on any ongoing calls between temi robots and their users if they can brute-force/guess a six-digit value via unspecified vectors...

Talkatone com.talkatone.android application 安全漏洞

Talkatone com.talkatone.android application is an application for virtual phone calls from Talkatone, Inc. A security vulnerability exists in the Talkatone com.talkatone.android application, which originates from allowing any installed application without privileges to send a specially crafted...

CVE-2024-20497

A vulnerability in Cisco Expressway Edge Expressway-E could allow an authenticated, remote attacker to masquerade as another user on an affected system. This vulnerability is due to inadequate authorization checks for Mobile and Remote Access MRA users. An attacker could exploit this vulnerabilit...

CVE-2024-20497

Cisco Expressway Edge (Expressway-E) is affected by an improper authorization vulnerability. An authenticated MRA user can masquerade as another user and potentially intercept calls or spoof caller IDs due to inadequate authorization checks for Mobile and Remote Access users. Exploitation require...

ReVoLTE Attack Allows Hackers to Listen in on Mobile Calls

Researchers have discovered an attack on the Voice over LTE VoLTE mobile communications protocol that can break its encryption and allow attackers to listen in on phone calls. Dubbed ReVoLTE, the attack — detailed by a group of academic researchers from Ruhr University Bochum and New York...

CVE-2019-17191

The Signal Private Messenger application before 4.47.7 for Android allows a caller to force a call to be answered, without callee user interaction, via a connect message. The existence of the call is noticeable to the callee; however, the audio channel may be open before the callee can block...

1B Mobile Users Vulnerable to Ongoing ‘SimJacker’ Surveillance Attack

A vulnerability discovered in mobile SIM cards is being actively exploited to track phone owners’ locations, intercept calls and more – all merely by sending an SMS message to victims, researchers say. Researchers on Thursday disclosed what they said is a widespread, ongoing exploit of a SIM...

Large-scale SIM swap fraud

Introduction SIM swap fraud is a type of account takeover fraud that generally targets a weakness in two-factor authentication and two-step verification, where the second factor or step is an SMS or a call placed to a mobile telephone. The fraud centers around exploiting a mobile phone operator's...

New Attacks Against 4G, 5G Mobile Networks Re-Enable IMSI Catchers

At NDSS Symposium 2019, a group of university researchers yesterday revealed newly discovered cellular network vulnerabilities that impact both 4G and 5G LTE protocols. According to a paper published by the researchers, "Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channe...

CVE-2018-7959

There is a short key vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept and decrypt the call information when the user enables SRTP to make a call. Successful exploitation may cause sensitive information leak...

CVE-2018-7959

CVE-2018-7959 affects Huawei eSpace. An unauthenticated, remote attacker can perform a man-in-the-middle attack when SRTP is enabled to make a call, intercepting and decrypting call information and potentially leaking sensitive data. The root cause is a short key vulnerability in the SRTP handlin...

CVE-2015-3442

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Code injection

Soreco Xpert.Line 3.0 allows local users to spoof users and consequently gain privileges by intercepting a Windows API call...

Your GPS Location and Calls Can be Spied Using Network Vulnerability

Yes, you heard it right. It's the dirty truth that’s featuring what is being called the largest privacy breach ever. Billions of cell phone users are at risk of a vulnerability in the SS7 inter-carrier network that allows hackers and spies agencies to track locations and intercept all voice calls...

Hackers Can Read Your Private SMS and Listen to Phone Calls

Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available. The critical flaw lie...

openSUSE Security Update : telepathy-gabble (openSUSE-SU-2011:0303-1)

This update of telepathy-gabble is validating the origin of a google:jingleinfo update message now. Not validating the origin could be used to intercept calls. CVE-2011-1000: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N: Input Validation CWE-20 %NASLMINLEVEL 70300 C Tenable Network Security...

Threats Go Mobile

Smartphone adoption has exploded in recent years, and this has not been lost on the attackers who are looking for the best way to separate users from their money and confidential data. There were several examples of attackers sneaking malicious applications into mobile app stores, some disguised ...