29 matches found
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-50481 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-50481 Source advisory: OSV:GHSA-269J-37WW-CMH3...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-50481 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-50481 Source advisory: OSV:PYSEC-2025-137...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-6050 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-6050 Source advisory: OSV:GHSA-7PR5-W74R-JJJ7...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-29573 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-29573 Source advisory: SNYK:PYTHON-MEZZANINE-10074181...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-29573 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-29573 Source advisory: OSV:GHSA-2544-HPCQ-6G27...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2025-29573 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2025-29573 Source advisory: OSV:PYSEC-2025-136...
Malicious code in clubhouse-to-linear-exporter (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 763c04a1400336e5c62621aba4027b81dfb2b2ba0b01ec823e0f4f62703e0eed Any computer that has this package install...
MAL-2025-1523 Malicious code in clubhouse-to-linear-exporter (npm)
This package runs commands in a pre-install script that exfils sensitive data to a attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 763c04a1400336e5c62621aba4027b81dfb2b2ba0b01ec823e0f4f62703e0eed Any computer that has this package install...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2024-25170 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2024-25170 Source advisory: OSV:GHSA-22CC-W7XM-RFHX...
cartridge (>=1.0.0b1 <=1.3.1), cartridge-braintree (>=1.2.1 <=1.2.2) +4 more potentially affected by CVE-2020-19002 via mezzanine (>=3.1.10 <=6.0.0)
mezzanine PYPI version =3.1.10, =1.0.0b1, =1.2.1, =0.0.1, =0.1.0a1, =0.1.0b1, =0.4.1, =0.4.4 Source cves: CVE-2020-19002 Source advisory: OSV:GHSA-FPV7-HX6R-9VCX...
3.8 Billion Users’ Combined Clubhouse, Facebook Data Up for Sale
On its own, the database of 3.8 billion phone numbers leaked from social-media platform Clubhouse didn’t have much value on the underground market. In fact, they were eventually dumped in a hacker forum for free. But an enterprising threat actor has reportedly combined those phone numbers with 53...
A week in security (August 16 – August 22)
Last week on Malwarebytes Labs: Podcast: Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks. How to troubleshoot hardware problems that look like malware problems. Analysts “strongly believe” the Russian state colludes with ransomware gangs. macOS 11’s hidden security...
Katie Moussouris hacked Clubhouse. Her emails went unanswered for weeks: Lock and Code S02E15
Nearly one year after the exclusive app Clubhouse launched on the iOS store, its popularity skyrocketed. The app, which is now out of beta, lets users drop into spontaneous audio conversations that, once they are over, are over. With COVID lockdown procedures separating many people around the wor...
A week in security (July 26 – August 1)
Last week on Malwarebytes Labs: OSX.XLoader hides little except its main purpose: What we learned in the installation process. The Clubhouse database “breach” is likely a non-breach. Here’s why. Kaseya Unitrends has unpatched vulnerabilities that could help attackers expand a breach. UDP Technolo...
The Clubhouse database “breach” is likely a non-breach. Here’s why.
Before the work week ended last week Friday, a security researcher found a leak of what is claimed to be full phone numbers of users of Clubhouse, the new social media app everyone is talking about and just recently came out of beta. Clubhouse is an audio-only social media platform where, unlike...
Short story about Clubhouse user scraping and social graphs
TL;DR During this RedTeam testing, Hexway team used Clubhouse as a social engineering tool to find out more about their client’s employees. UPDATE: While Hexway were preparing this article for publication, cybernews.com reported: 1.3 million scraped user records leaked online for free In this...
DevOps Teams can learn from Clubhouse compliance woes
As Clubhouse continues to launch new features and gain popularity, protecting sensitive data and adhering to compliance should be on everyone’s mind...
A Clubhouse Bug Let People Lurk in Rooms Invisibly
The vulnerabilities opened the door to “ghosts” hiding in and disrupting rooms, where moderators would be unable to mute them...
1.3M Clubhouse Users’ Data Dumped in Hacker Forum for Free
Clubhouse, the startup invitation-only chat app, is the latest social-media platform to see mammoth troves of user data collected and posted in underground forums. An SQL file containing the personal data of 1.3 million Clubhouse users has been posted in a hacker forum for free. Names, user IDs,...
Scraped data of 1.3 million Clubhouse users published online
By Waqas Clubhouse, an invitation-only social media app for iOS with more than 10 million users has become a victim of data scraping. Here's what data was published. This is a post from HackRead.com Read the original post: Scraped data of 1.3 million Clubhouse users published online...