Biometrics, diagnoses, and bank details exposed in major healthcare breach

NYC Health + Hospitals NYC H+H posted a data breach notice about a months‑long breach via a third‑party vendor that exposed highly sensitive patient and employee data for at least 1.8 million people, including medical records, government IDs, geolocation data, and even fingerprint and palm‑print...

CVE-2026-27892 FacturaScripts: Unstripped Image Metadata (EXIF) Leakage via Library Module File Upload/Download

FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC metadata. Any authenticated user who downloaded an image could extract the uploader's embedded metadat...

PT-2026-38611

Name of the Vulnerable Software and Affected Versions FacturaScripts versions prior to 2026 Description A sensitive information disclosure issue exists in the Library module of FacturaScripts. The application stores and serves uploaded images byte-for-byte without stripping EXIF, XMP, or IPTC...

Are you paying more than other people? NY cracks down on surveillance pricing

When you search for a product online, you might think you're getting the same price as everyone else. Think again. Your price might be different based on everything from your location to what you've looked at online. Companies often use algorithms to set their prices that rely heavily on customer...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

CVE-2025-6026

An improper certificate validation vulnerability was reported in the Lenovo Universal Device Client UDC that could allow a user capable of intercepting network traffic to obtain application metadata, including device information, geolocation, and telemetry data...

📄 Packet Storm EXIF Data Disclosure

A bad code push allowed EXIF data to remain in some photos on Packet Storm. Our analysis shows only 0.004% of uploaded pictures were affected and they have all been stripped to ensure no further exposure. Fortunately, the affected pictures only include items related to an admin of the site and th...

EUVD-2016-2874

Malware in sbrugna...

EUVD-2019-6675

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2019-10109

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An Information Exposure issue issue 1 of 2 was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before...

Buy It Now, Track Me Later: Attacking User Privacy Via Wi-Fi AP Online Auctions

Static and hard-coded layer-two network identifiers are well known to present security vulnerabilities and endanger user privacy. In this work, we introduce a new privacy attack against Wi-Fi access points listed on secondhand marketplaces. Specifically, we demonstrate the ability to remotely...

CVE-2024-20431

A vulnerability in the geolocation access control feature of Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to bypass an access control policy. This vulnerability is due to improper assignment of geolocation data. An attacker could exploit this...

Google to pay $1.38 billion over privacy violations

The state of Texas reached a mammoth financial agreement with Google last week, securing $1.375 billion in payments to settle two three year-old lawsuits. The Office of Texas Attorney General Ken Paxton originally filed the first lawsuit against Google in January 2022, complaining that the tech...

Cisco Firepower Threat Defense Code Issue Vulnerability (CNVD-2024-44487)

Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense has a code issue vulnerability that stems from improper allocation of geolocation data. An attacker could exploit the...

Cisco Firepower Threat Defense 安全漏洞

Cisco Firepower Threat Defense FTD is a suite of unified software from the U.S. company Cisco Cisco that provides next-generation firewall services. Cisco Firepower Threat Defense has a code issue vulnerability that stems from improper allocation of geolocation data. An attacker could exploit the...

President Biden Blocks Mass Transfer of Personal Data to High-Risk Nations

U.S. President Joe Biden has issued an Executive Order that prohibits the mass transfer of citizens' personal data to countries of concern. The Executive Order also "provides safeguards around other activities that can give those countries access to Americans' sensitive data," the White House sai...

FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring

The U.S. Federal Trade Commission FTC has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. This comprises a $25 million penalty for breaching children's privacy laws by retaining their Alexa voice recordings for...

New Zero-Click Hack Targets iOS Users with Stealthy Root-Privilege Malware

A previously unknown advanced persistent threat APT is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root...

Slims9 Bulian 安全漏洞

Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g., books, journals, digital files, and other library materials and administration. A security vulnerability exists in Slims9 Bulian version v9.5.2. An attacker...

Answer vulnerable to Insertion of Sensitive Information Into Sent Data

answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...