Lucene search
+L

768 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added 2026/03/13 10:47 a.m.6 views

Malicious code in ighack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...

5.8AI score
Exploits0References1
OSV
OSV
added 2026/03/13 10:47 a.m.13 views

MAL-2026-1410 Malicious code in ighack (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 889207a729f6b97c385d6c0afe217776d10331cdf7e5dd511f80e0d01e899842 Instagram hacking tool that besides abusing the Instagram API, also automatically uses user's credentials to follow hardcoded accounts. --- Category: MALICIOUS...

5.8AI score
Exploits0References1
Wired Threat Level
Wired Threat Level
added 2026/03/11 12:1 p.m.6 views

Meta Ramps Up Efforts to Disrupt Industrialized Scamming

Meta removed 10.9 million Facebook and Instagram accounts linked to “criminal scam centers” last year, the company announced on Wednesday...

5.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/02 8:1 a.m.26 views

A week in security (February 23 – March 1)

Last week on Malwarebytes Labs: Public Google API keys can be used to expose Gemini AI data Inside a fake Google security check that becomes a browser RAT Fake Zoom and Google Meet scams install Teramind: A technical deep dive How to understand and avoid Advanced Persistent Threats The Conduent...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/26 10:34 a.m.7 views

Instagram flagged explicit messages to minors in 2018. Image-blurring arrived six years later

Meta took six years to blur explicit images on Instagram, even though internal emails show executives were aware in 2018 that minors were receiving them, according to newly unsealed court documents. In a deposition given last year, Adam Mosseri now the head of Instagram discusses an email thread...

5.6AI score
Exploits0
Veracode
Veracode
added 2026/02/23 7:48 p.m.9 views

Server-Side Request Forgery (SSRF)

Parse Server is vulnerable to Server-Side Request ForgerySSRF. The vulnerability is due to allowing clients to supply a custom apiURL parameter in the Instagram authentication adapter, which allows an attacker to redirect authentication requests to malicious endpoints and potentially bypass...

8.3CVSS5.5AI score0.00296EPSS
Exploits0References6Affected Software1
HackRead
HackRead
added 2026/01/30 3:24 p.m.7 views

Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries

Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/29 9:6 p.m.8 views

Meta confirms it’s working on premium subscription for its apps

Meta plans to test exclusive features that will be incorporated in paid versions of Facebook, Instagram, and WhatsApp. It confirmed these plans to TechCrunch. But these plans are not to be confused with the ad-free subscription options that Meta introduced for Facebook and Instagram in the EU, th...

5.9AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/01/12 9:4 p.m.10 views

Received an Instagram password reset email? Here’s what you need to know

Last week, many Instagram users began receiving unsolicited emails from the platform that warned about a password reset request. The message said: “Hi username, We got a request to reset your Instagram password. If you ignore this message, your password will not be changed. If you didn’t request ...

6.7AI score
Exploits0
HackRead
HackRead
added 2026/01/11 10:24 p.m.11 views

Instagram’s “17 Million User Data Leak” Was Just Scraped Records from 2022

Instagram’s 17 million user data leak wasn’t a new breach - Hackread.com's in-depth analysis shows it was scraped in 2022, leaked in 2023, and falsely repackaged in 2026...

7AI score
Exploits0
OSV
OSV
added 2025/12/18 11:46 a.m.8 views

BIT-PARSE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly...

8.3CVSS6.6AI score0.00296EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/17 7:0 p.m.8 views

CVE-2025-68150

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

8.3CVSS7AI score0.00296EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/12/16 10:35 p.m.11 views

Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

8.3CVSS7.2AI score0.00296EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2025/12/16 10:35 p.m.6 views

Server-side Request Forgery (SSRF)

Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the apiURL parameter in authData used by the Instagram OAuth adapter. An attacker can...

8.3CVSS7AI score0.00296EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/16 10:35 p.m.6 views

EUVD-2025-203837

Parse Server is vulnerable to Server-Side Request Forgery SSRF via Instagram OAuth Adapter...

8.3CVSS6.4AI score0.00296EPSS
Exploits0References4
OSV
OSV
added 2025/12/16 10:35 p.m.22 views

GHSA-3F5F-XGRJ-97PF Parse Server is vulnerable to Server-Side Request Forgery (SSRF) via Instagram OAuth Adapter

Impact The Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and possibly authentication bypass if malicious endpoints return fake responses to validate unauthorized users. Patches Fixed by hardcoding the...

8.3CVSS7AI score0.00296EPSS
Exploits0References5
NVD
NVD
added 2025/12/16 7:16 p.m.21 views

CVE-2025-68150

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

8.3CVSS0.00296EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/16 6:15 p.m.41 views

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

8.3CVSS0.00296EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/16 6:15 p.m.4 views

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

8.3CVSS6.5AI score0.00296EPSS
Exploits0References3
OSV
OSV
added 2025/12/16 6:15 p.m.7 views

CVE-2025-68150 Parse Server has Server-Side Request Forgery (SSRF) in Instagram OAuth Adapter

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.2 and 9.1.1-alpha.1, the Instagram authentication adapter allows clients to specify a custom API URL via the apiURL parameter in authData. This enables SSRF attacks and...

8.3CVSS6.9AI score0.00296EPSS
Exploits0References5
Rows per page
Query Builder