EspoCRM 9.3.3 API Security Audit Tool
This Python script is a lightweight, non-invasive security audit tool designed to test the API surface of EspoCRM version 9.3.3...
PT-2026-6598
Name of the Vulnerable Software and Affected Versions: Moxa Industrial Linux 3 (affected versions not specified). Description: A physical attack is possible on certain Moxa industrial computers utilizing TPM-backed LUKS full-disk encryption. The discrete TPM is connected to the CPU via an SPI bus...
Signal, AI Generated Art Least, Amazon, Facebook Most Invasive Apps, Study
By Waqas. In-depth analysis reveals concerning patterns in user data collection, with shopping and food delivery apps at the forefront. This is a post from HackRead.com.
Stalkerware-type app developers fined by NY Attorney General
Stalkerware is a huge problem when it comes to intrusion into people's personal lives. "Friends", strangers, family members, abusive spouses and many more can potentially dabble in this malignant pastime and cause all manner of trouble for their target. Thanks to the New York Attorney General's...
Google Moves to Block Invasive Spanish Spyware Framework
The Heliconia hacking tool exploited vulnerabilities in Chrome, Windows Defender, and Firefox, according to company security researchers...
SharkBot Banking Trojan Resurfaces On Google Play Store Hidden Behind 7 New Apps
As many as seven malicious Android apps discovered on the Google Play Store masqueraded as antivirus solutions to deploy a banking trojan called SharkBot. "SharkBot steals credentials and banking information," Check Point researchers Alex Shamshur and Raman Ladutska said in a report shared with T...
APT C-23 Hackers Using New Android Spyware Variant to Target Middle East Users
A threat actor known for striking targets in the Middle East has evolved its Android spyware yet again with enhanced capabilities that allow it to be stealthier and more persistent while passing off as seemingly innocuous app updates to stay under the radar. The new variants have "incorporated ne...
DuckDuckGo Wants to Stop Apps From Tracking You on Android
The privacy-focused tech company's latest update promises to block invasive data collection across your whole phone...
Yandex Employee Caught Selling Access to Users' Email Inboxes
Russian Dutch-domiciled search engine, ride-hailing and email service provider Yandex on Friday disclosed a data breach that compromised 4,887 email accounts of its users. The company blamed the incident on an unnamed employee who had been providing unauthorized access to the users' mailboxes for...
Microsoft Edge Shares Privacy-Busting Telemetry, Research Alleges
Microsoft Edge is one of the least private web browsers — even more so than other popular browsers like Google Chrome and Mozilla Firefox — according to academic researchers. According to the analysis, from Douglas Leith with the School of Computer Science and Statistics at Trinity College in...
IoT Insecurity: When Your Vacuum Turns on You
SAN FRANCISCO – Hackable Internet of Things (IoT) devices are on full display this week at the RSA Conference 2020. They include everything from baby monitors to Wi-Fi chips. One such device is a connected vacuum cleaner, the Trifo Ironpie M6. According to researchers with Checkmarx, the vacuum has...
Google Bans 600 Android Apps for Obnoxious Ads
Google has removed nearly 600 Android apps from the Play Store for serving up obnoxious, invasive ads that aren’t easily “x’d” out of. The internet giant said the enforcement action was a strike against mobile ad fraud. Google said Thursday that the apps violated its disruptive ads policy – and a...
A week in security (December 23 – 29)
Last week on Malwarebytes Labs, we continued our retrospective coverage with a look at how lawmakers in the United States treated online privacy this year, finding trends in multiple federal bills introduced in the Senate. Then we took a little break for the holidays. Other cybersecurity news: No...
Senators Grill Facebook, Google, and Apple Over Invasive Apps
Lawmakers want more information about Facebook’s Project Atlas program, which collected data from teens and sidestepped device makers’ privacy policies...
Why Facebook’s Banned ‘Research’ App Was So Invasive
Until Apple revoked its privileges Wednesday, Facebook was paying iOS users $20 a month to download and install the data-sucking application...
doccafe.com XSS vulnerability
Open Bug Bounty ID: OBB-391070

Description| Value
---|---
Affected Website:| doccafe.com
Vulnerable Application:| Custom Code
Vulnerability Type:| XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
CVE-2017-7564
In ARM Trusted Firmware through 1.3, the secure self-hosted invasive debug interface allows normal world attackers to cause a denial of service (secure world panic) via vectors involving debug exceptions and debug registers...
Delicate Hardware Hacks Could Unlock Shooter's iPhone
A researcher at IOActive believes the U.S. intelligence community has the capability to carry out a delicate hardware hack that could unlock the iPhone 5c at the center of the current FBiOS debate. The attack requires considerable financial resources and acumen with an intrusive attack against th...
New Mozilla Privacy Initiative to Include High-Capacity Tor Relays
Mozilla is starting a new initiative that the company says is designed to incorporate more privacy enhancing features into Firefox and the other Mozilla products. The project, known as Polaris, involves collaboration with The Tor Project and the Center for Democracy and Technology and will involv...
[FoxOne] Free OSINT Tool - Server Reconnaissance Scanner
FoxOne is a free OSINT tool, described by the author (th3j35t3r) as a Non-Invasive and Non-Detectable Server Reconnaissance Scanner. Bypassing API limitations and currently detecting 6500+ vulnerable server paths/files – without ever touching the target server. Very good for getting hold of intel o...