PT-2026-3764

GitHub - canyie/CVE-2024-23700: PoC for CVE-2024-23700, privilege escalation allows silently obtain permissions to read/write contacts, SMS, calendar, call log and voicemail, make outgoing calls or answer incoming calls, manipulate call settings, access https://t.co/CCm7jUKWw6...

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google Photos, TikTok, and YouTube as lures to install them. "Once active, the spyware can exfiltra...

EUVD-2008-1257

Malware in sbrugna...

EUVD-2007-3424

Malware in sbrugna...

EUVD-2011-4621

Malware in sbrugna...

EUVD-2022-25790

Malicious code in bioql PyPI...

CVE-2023-27108

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...

CVE-2022-20530

In strings.xml, there is a possible permission bypass due to a misleading string. This could lead to remote information disclosure of call logs with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-2315856...

CVE-2011-4703

The Limit My Call com.limited.call.view application 2.11 for Android does not properly protect data, which allows remote attackers to read or modify call logs and a contact list via a crafted application...

Apple iOS和Apple iPadOS 安全漏洞

Apple iOS and Apple iPadOS are products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS, which arises from the possibility that call logs may still...

New Android Spyware LianSpy Evades Detection Using Yandex Cloud

Users in Russia have been the target of a previously undocumented Android post-compromise spyware called LianSpy since at least 2021. Cybersecurity vendor Kaspersky, which discovered the malware in March 2024, noted its use of Yandex Cloud, a Russian cloud service, for command-and-control C2...

LianSpy: new Android spyware targeting Russian users

In March 2024, we discovered a campaign targeting individuals in Russia with previously unseen Android spyware we dubbed LianSpy. Our analysis indicates that the malware has been active since July 2021. This threat is equipped to capture screencasts, exfiltrate user files, and harvest call logs a...

“Nearly all” AT&T customers had phone records stolen in new data breach disclosure

In a déjà-vu nightmare, US phone giant AT&T has notified customers that cybercriminals managed to download phone call and text message records of "nearly all of AT&T cellular customers from May 1, 2022 to October 31, 2022 as well as on January 2, 2023". In a filing with the Securities and Exchang...

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with ...

Cisco IP Phones Call Log Information Disclosure (CVE-2020-3360)

A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected...

Information Disclosure

oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control ACL restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...

Android Spy App LetMeSpy Suffers Major Data Breach, Exposing Users' Personal Data

Android-based phone monitoring app LetMeSpy has disclosed a security breach that allowed an unauthorized third-party to steal sensitive data associated with thousands of Android users. "As a result of the attack, the criminals gained access to email addresses, telephone numbers and the content of...

Stalkerware Vendor Hacked

The stalkerware company LetMeSpy has been hacked: TechCrunch reviewed the leaked data, which included years of victims call logs and text messages dating back to 2013. The database we reviewed contained current records on at least 13,000 compromised devices, though some of the devices shared litt...

CVE-2023-27108

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...

Design/Logic Flaw

An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allow...