CVE-2025-63296

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...

Fantasy Hub is spyware for rent—complete with fake app kits and support

Researchers at Zimperium identified Fantasy Hub, a new Android spyware developed and sold as a subscription on Russian-language cybercrime forums. Malware-as-a-Service MaaS means cybercriminals rent out to malware to other criminals, complete with the infrastructure necessary to harvest and abuse...

CVE-2025-63296

KERUI K259 5MP Wi-Fi / Tuya Smart Security Camera firmware v33.53.87 contains a code execution vulnerability in its boot/update logic: during startup /usr/sbin/anykaservice.sh scans mounted TF/SD cards and, if /mnt/update.nor.sh is present, copies it to /tmp/net.sh and executes it as root...

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVE-2025-12636

The CVE-2025-12636 affects Ubia/NVR Ubia camera ecosystem (notably Ubia Ubox). Root cause: insufficient protection of API credentials, enabling an attacker to connect to backend services. Impact (per sources): unauthorized access to cameras, allowing viewing live feeds and potential modification ...

CVE-2025-12636 Ubia Ubox

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVE-2025-12636 Ubia Ubox

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

CVE-2025-12636

The Ubia camera ecosystem fails to adequately secure API credentials, potentially enabling an attacker to connect to backend services. The attacker would then be able to gain unauthorized access to available cameras, enabling the viewing of live feeds or modification of settings...

Ubia Ubox (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to remotely view camera feeds or modify settings. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...

[SECURITY] Fedora 42 Update: qt5-qtmultimedia-5.15.18-1.fc42

The Qt Multimedia module provides a rich feature set that enables you to easily take advantage of a platforms multimedia capabilites and hardware. This ranges from the playback and recording of audio and video content to the use of available devices like cameras and radios...

PT-2025-45388

Name of the Vulnerable Software and Affected Versions Ubia camera ecosystem affected versions not specified Description The Ubia camera ecosystem does not adequately secure API credentials, potentially allowing an attacker to connect to backend services. Successful exploitation could grant an...

CVE-2025-12108

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

CVE-2025-43450

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access...

CVE-2025-54323

An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage...

CVE-2025-12108

The CVE-2025-12108 instance affects the Survision LPR Camera system, where authentication is not enforced by default, allowing access to the configuration wizard without login credentials. Affected component: the device’s access/configuration flow (license plate recognition camera system). Impact...

CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera

The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...

CISA Releases Five Industrial Control Systems Advisories

CISA released five Industrial Control Systems ICS Advisories. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-308-01 Fuji Electric Monitouch V-SFT-6 ICSA-25-308-02 Survision License Plate Recognition Camera...

CVE-2025-43450

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access...

CVE-2025-43450

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access...

CVE-2025-43450

A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. An app may be able to learn information about the current camera view before being granted camera access...