Astra Linux - vulnerability in linux-5.10, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...
Combating Data Laundering in LLM Training
Data rights owners can detect unauthorized data use in large language model (LLM) training by querying with proprietary samples. Often, superior performance (e.g., higher confidence or lower loss) on a sample relative to the untrained data implies it was part of the training corpus, as LLMs tend to...
CVE-2025-68328 firmware: stratix10-svc: fix bug in saving controller data
In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...
CVE-2025-40938
A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected device stores sensitive information in the firmware. This could allow an attacker to access and misuse this information, potentially impacting the device’s confidentiality, integrity, and availability...
A week in security (September 22 – September 28)
Last week on Malwarebytes Labs: Hackers threaten parents: Get nursery to pay ransom or we leak your child’s data; Google and Flo to pay $56 million after misusing users’ health data; Neon App pays users to record their phone calls, sells data for AI training (updated); New SVG-based phishing campaign ...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
A Starter Guide to Protecting Your Data From Hackers and Corporations
Hackers. AI data scrapes. Government surveillance. Thinking about where to start when it comes to protecting your online privacy can be overwhelming. Here’s a simple guide for you—and anyone who claims they have nothing to hide...
PT-2025-20811 · Sap · Sap Gateway Client
Name of the Vulnerable Software and Affected Versions: SAP Gateway Client (affected versions not specified) Description: The issue allows a high-privileged user to access restricted information beyond the application's scope, potentially leading to low impact on confidentiality, integrity, and...
CVE-2024-42178 HCL MyXalytics is affected by a failure to restrict URL access vulnerability
HCL MyXalytics is affected by a failure to restrict URL access vulnerability. Unauthenticated users might gain unauthorized access to potentially confidential information, creating a risk of misuse, manipulation, or unauthorized distribution...
A week in security (April 7 – April 13)
Last week on Malwarebytes Labs: The Pall Mall Pact and why it matters; Child predators are lurking on dating apps, warns report; Your 23andMe genetic data could be bought by China, senator warns; WhatsApp for Windows vulnerable to attacks. Update now!; Man accused of using keylogger to spy on...
72% of people are worried their data is being misused by the government, and that’s not all…
Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are...
How to Sue a Company Under GDPR for Data Misuse and Privacy Violations
Learn how to sue companies under GDPR for data misuse. Understand your rights, file complaints, and claim compensation…
The surprising existence of the erase button on cockpit voice recorders
Introduction Safety and transparency are important in aviation. One tool that helps here is the Cockpit Voice Recorder (CVR), which records audio from the cockpit during flights. It is crucial for accident investigations, helping authorities understand what happened before an incident. However, you...
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties. The ban is part of a settlement over allegations that the company "sold precise location data that...
CVE-2023-23598 Arbitrary file read from GTK drag and drop on Linux
Due to the Firefox GTK wrapper code's use of text/plain for drag data and GTK treating all text/plain MIMEs containing file URLs as being dragged a website could arbitrarily read a file via a call to DataTransfer.setData. This vulnerability affects Firefox 109, Firefox ESR 102.7, and Thunderbird...
ICE Records Reveal How Agents Abuse Access to Secret Data
Documents obtained by WIRED detail hundreds of investigations by the US agency into alleged database misuse that includes harassment, stalking, and more...
TikTok misused children's data, faces $15.6M fine
TikTok has been ordered to pay a fine of $15.6M (£12.7M) for failing to protect 1.4 million UK children under the age of 13 from accessing its platform in 2020. The Information Commissioner's Office (ICO), the UK's data protection watchdog, imposed the fine after finding the company used children's...
A week in security (July 18 – July 24)
Last week on Malwarebytes Labs: Extortionists target restaurants, demand money to take down bad reviews; The FTC will go after companies misusing location, health, and other sensitive data; Roblox breached: Internal documents posted online by unknown attackers; Warning for WordPress admins: Uninstal...
Twitter fined $150M after using 2FA phone numbers for marketing
The Federal Trade Commission (FTC) and the Department of Justice (DOJ) have ordered Twitter to pay a $150M penalty for using users' account security data deceptively. The deception violates an FTC order from 2011, that bars Twitter from "misleading consumers about the extent to which it protects the...
Twitter Fined $150 Million for Misusing Users' Data for Advertising Without Consent
Twitter, which is in the process of being acquired by Tesla CEO Elon Musk, has agreed to pay $150 million to the U.S. Federal Trade Commission (FTC) to settle allegations that it abused non-public information collected for security purposes to serve targeted ads. In addition to the monetary penalty...