Chromium: CVE-2026-11145 Race in Geolocation

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Astra Linux - уязвимость в firefox, thunderbird

By displaying a form validation message in the correct location at the same time as a permission prompt such as for geolocation, the validation message could potentially obscure the prompt, allowing the user to be tricked into granting the permission. This vulnerability affects Firefox 94,...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

CVE-2025-6026 concerns Lenovo Universal Device Client (UDC). The issue is improper certificate validation that could allow an attacker capable of intercepting network traffic to access application metadata, including device information, geolocation, and telemetry data. The security details indica...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

EUVD-2021-24960

Malware in sbrugna...

“Your privacy is a promise we don’t break”: Dating app Raw exposes sensitive user data

Any app that hands over user data is a concern, but leaky dating apps are especially worrying given the sensitivity of the data involved. A relatively new app called Raw that aims to rewrite the rules of dating is the latest to trip over its coattails by exposing user data to…well, anyone who ask...

CVE-2024-20431

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant...

New "Raptor Train" IoT Botnet Compromises Over 200,000 Devices Worldwide

Cybersecurity researchers have uncovered a never-before-seen botnet comprising an army of small office/home office SOHO and IoT devices that are likely operated by a Chinese nation-state threat actor called Flax Typhoon aka Ethereal Panda or RedJuliett. The sophisticated botnet, dubbed Raptor Tra...

BlindEagle flying high in Latin America

BlindEagle, also known as "APT-C-36", is an APT actor recognized for employing straightforward yet impactful attack techniques and methodologies. The group is known for their persistent campaigns targeting entities and individuals in Colombia, Ecuador, Chile, Panama and other countries in Latin...

Chameleon Android Banking Trojan Targets Users Through Fake CRM App

Cybersecurity researchers have lifted the lid on a new technique adopted by threat actors behind the Chameleon Android banking trojan targeting users in Canada by masquerading as a Customer Relationship Management CRM app. "Chameleon was seen masquerading as a CRM app, targeting a Canadian...

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service MaaS model, target ove...

Pyradm - Python Remote Administration Tool Via Telegram

Remote administration crossplatfrom tool via telegram\ Coded with ❤️ python3 + aiogram3 \ https://t.me/ptsoft v0.3 X Screenshot from target X Crossplatform X Upload/Download X Fully compatible shell X Process list X Webcam video record or screenshot X Geolocation X Filemanager X Microphone X...

Data brokers admit they’re selling information on precise location, kids, and reproductive healthcare

Information newly made available under California law has shed light on data broker practices, including exactly what categories of information they trade in. Any business that meets the definition of data broker must register with the California Privacy Protection Agency CPPA annually. The CPPA...

Cross-site Scripting (XSS)

Liferay Portal is vulnerable to stored cross-site scripting XSS. The vulnerability is due to improper neutralization of input during web page generation which allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a...

Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting

Stored cross-site scripting XSS vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...

GHSA-CR36-3VQF-X5W5 Liferay Portal Expando module and Liferay DXP vulnerable to stored Cross-site Scripting

Stored cross-site scripting XSS vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...

CVE-2024-25601

Stored cross-site scripting XSS vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to...

CVE-2024-25601

CVE-2024-25601 affects the Expando module geolocation custom fields in Liferay Portal 7.2.0–7.4.2 and older unsupported versions, and Liferay DXP 7.3 before SP3, 7.2 before FP17. It is a stored XSS vulnerability allowing remote authenticated users to inject arbitrary web script or HTML via the na...