AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23554)

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

CVE-2025-59764

Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...

AndSoft e-TMS 跨站脚本漏洞

AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...

“No place in our networks”: FCC hangs up on thousands of voice operators in robocall war

Everyone hates robocalls. However, it's difficult to track down all the scammers and spammers that make them, so the Federal Communications Commission FCC has taken another approach: it just disconnected over a thousand voice operators from the public telephone network for not doing their part to...

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

As the US faces “the worst telecommunications hack in our nation’s history,” by China’s Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it’s the last thing she does...

Modern TVs have “unprecedented capabilities for surveillance and manipulation,” group reveals

Your television is debuting the latest, most captivating program: You. In a report titled “How TV Watches Us: Commercial Surveillance in the Streaming Era,” the Center for Digital Democracy CDD spotlighted a massive data-driven surveillance apparatus that ensnares the public through modern...

TracFone will pay $16 million to settle FCC data breach investigation

Following three separate data breaches between 2021 and 2023 which exposed the proprietary information PI of TracFone Wireless customers, the Federal Communications Commission FCC announced that the Verizon-owned company has agreed to pay a $16 million civil penalty to settle the government...

Wireless carriers fined $200 million after illegally sharing customer location data

After four years of investigation, the Federal Communications Commission FCC has concluded that four of the major wireless carriers in the US violated the law in sharing access to customers’ location data. The FCC fined AT&T, Sprint, T-Mobile, and Verizon a total of almost $200 million for...

FCC Fines Major U.S. Wireless Carriers for Selling Customer Location Data

The U.S. Federal Communications Commission FCC today levied fines totaling nearly $200 million against the four major carriers -- including AT&T, Sprint, T-Mobile and Verizon -- for illegally sharing access to customers location information without consent. The fines mark the culmination of a mor...

Maybe the Phone System Surveillance Vulnerabilities Will Be Fixed

It seems that the FCC might be fixing the vulnerabilities in SS7 and the Diameter protocol: On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers locations. The FCC...

Disturbing robocaller fined $9.9 million

A federal court in Montana has fined a man $9.9 million after he was found responsible for causing thousands of unlawful and malicious spoofed robocalls. Sometimes there is good news. Well, for almost everybody except for the robocaller who was found guilty of unlawful robocalls to people in stat...

CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees

By Deeba Ahmed Lookout urges crypto users to be on the lookout of the new and tricky phishing campaign. This is a post from HackRead.com Read the original post: CryptoChameleon Phishing Scam Targets Crypto Users and FCC Employees...

AI-generated voices in robocalls are illegal, rules FCC

The Federal Communications Commission FCC has announced that calls made with voices generated with the help of Artificial Intelligence AI will be considered “artificial” under the Telephone Consumer Protection Act TCPA. Effective immediately, that makes robocalls that implement voice cloning...

Decline in robocalls is encouraging, efforts seem to be working

The Federal Communications Commission FCC has announced that its recent actions with the Federal Trade Commission FTC against international robocalls appear to have had an effect. Robocalls are automated phone calls, often associated with scams and unwanted solicitations, which can be a nuisance ...

FCC wants cars to make life harder for stalkers

Most new model cars are not just cars anymore. With multiple digital systems, vehicles are increasingly plugged into web applications and digital processes. Some of them are basically smartphones on wheels. Even if we assume these new features were all created with your convenience in mind, some ...

Siemens Industrial Products Uncontrolled Resource Consumption (CVE-2019-11478)

Multiple industrial products are affected by a vulnerability in the kernel known as TCP SACK PANIC. A remote attacker could cause a denial of service condition by sending specially crafted TCP Selective Acknowledgment SACK sequences to affected products. This plugin only works with Tenable.ot...

FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks

The U.S. Federal Communications Commission FCC is adopting new rules that aim to protect consumers from cell phone account scams that make it possible for malicious actors to orchestrate SIM-swapping attacks and port-out fraud. "The rules will help protect consumers from scammers who target data...

AI and US Election Rules

If an AI breaks the rules for you, does that count as breaking the rules? This is the essential question being taken up by the Federal Election Commission this month, and public input is needed to curtail the potential for AI to take US campaigns even more off the rails. At issue is whether...

A week in security (August 7 - August 13)

Last week on Malwarebytes Labs: Zoom clarifies user consent requirement when training its AI Several hospitals still counting the cost of widespread ransomware attack Old exploit kits still kicking around in 2023 YouTube makes sweeping changes to tackle spam on Shorts videos Googles "browse...

TikTok facing fines for violating children’s privacy

The European Data Protection Board is expected to fine TikTok for violating the privacy of young children within the next four weeks. The European Data Protection Board said a binding decision has been reached over TikTok's processing of childrens data, after the ByteDance-owned app submitted leg...