11 matches found
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : OpenStack Glance vulnerabilities (USN-8199-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8199-1 advisory. Martin Kaesberger discovered that OpenStack Glance's image processing could return the contents of arbitrary files. An attacker...
SUSE-SU-2025:4416-1 Security update for webkit2gtk3
This update for webkit2gtk3 fixes the following issues: Update to version 2.50.3. Security issues fixed: - CVE-2025-13502: processing of maliciously crafted payloads by the GLib remote inspector server may lead to a UIProcess crash due to an out-of-bounds read and an integer underflow (bsc#1254208)....
[SECURITY] [DLA 4394-1] webkit2gtk security update
Debian LTS Advisory DLA-4394-1 [email protected] https://www.debian.org/lts/security/ Emilio Pozuelo Monfort December 04, 2025 https://wiki.debian.org/LTS -...
Debian dsa-6070 : gir1.2-javascriptcoregtk-4.0 - security update
The remote Debian 12 / 13 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-6070 advisory. Debian Security Advisory DSA-6070-1 [email protected]...
SUSE CVE-2025-43392
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin...
Malicious code in voicemetterr (PyPI)
Source: kam193 96387f13bb167829d9ffd47e15174e794c9a0a0922ca411c2b5d67f33725d769 Package sends image files to a hardcoded Discord webhook. It requires manual start and expects user interaction. However, the package clearly impersonates a...
MAL-2025-191921 Malicious code in voicemetterr (PyPI)
Source: kam193 96387f13bb167829d9ffd47e15174e794c9a0a0922ca411c2b5d67f33725d769 Package sends image files to a hardcoded Discord webhook. It requires manual start and expects user interaction. However, the package clearly impersonates a...
CVE-2025-43392
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin...
CVE-2025-43392
The issue was addressed with improved handling of caches. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A website may exfiltrate image data cross-origin...
SparkKitty, SparkCat’s little brother: A new Trojan spy found in the App Store and Google Play
Update 25.06.2025: Apple removed the malicious app from the App Store. In January 2025, we uncovered the SparkCat spyware campaign, which was aimed at gaining access to victims' crypto wallets. The threat actor distributed apps containing a malicious SDK/framework. This component would wait for a...
Roaming Mantis Expands Android Backdoor to Europe
The Roaming Mantis Android malware campaign has buzzed into Europe, quickly infesting France in particular, where there have been 66,789 downloads of the group’s specific remote access trojan (RAT) as of January. The campaign pushes the Android RAT known as Wroba (aka Moqhao or XLoader) onto victim...