CVE-2019-20579

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 August 2019...

EUVD-2019-11119

Malware in sbrugna...

EUVD-2024-40464

Malicious code in bioql PyPI...

Instagram Map: What is it and how do I control it?

Instagram Map is a new feature—for Instagram, anyway—that users may have enabled without being fully aware of the consequences. The Map feature launched in the US on August 6, 2025, and is reportedly planned for a global rollout "soon." As of mid-August 2025, not all users outside the US,...

CVE-2022-46710

A logic issue was addressed with improved checks. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. Location data may be shared via iCloud links even if Location metadata is disabled via the Share Sheet...

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...

Three privacy rules for 2025 (Lock and Code S06E02)

This week on the Lock and Code podcast… It’s Data Privacy Week right now, and that means, for the most part, that you’re going to see a lot of well-intentioned but clumsy information online about how to protect your data privacy. You’ll see articles about iPhone settings. You’ll hear acronyms for...

Millennials’ sense of privacy uniquely tested in romantic relationships

Millennials are in a bind. According to a new analysis of research released earlier this year by Malwarebytes, Millennials are significantly more likely than every other generation to feel that there is no need to share their online account logins with boyfriends, girlfriends, spouses, or...

A week in security (April 15 – April 21)

Last week on Malwarebytes Labs: Law enforcement reels in phishing-as-a-service whopper Mental health company Cerebral failed to protect sensitive personal data, must pay $7 million Cannabis investment scam JuicyFields ends in 9 arrests Should you share your location with your partner? Giant Tiger...

Should you share your location with your partner?

Every relationship has its disagreements. Who takes out the trash and washes the dishes? Who plans the meals and writes out the grocery list? And when is it okay to start tracking one another’s location? Location sharing is becoming the norm between romantic partners—50% of people valued location...

Hauk 信任管理问题漏洞

Hauk is a fully open source, self-hosted location sharing service from the individual developer Marius Lindvall. A security vulnerability exists in Hauk v1.6.1, which stems from hardcoded passwords stored in plaintext in the config.php file on the server side and on the android client device...

Nextcloud: objectId in share location can be set to open arbitrary URL or Deeplinks

Summary: The NextCloud Talk app allows a user to share their location in the Mobile App. The objectId= in /ocs/v2.php/apps/spreed/api/v1/chat/$token/share Can be set to a URL or Deeplink, While the metaData= will render the map, Once a user clicked the map it will open the defined URL or Deeplink...

Good news: Stalkerware survey results show majority of people aren’t creepy

Back in July, we sent out a survey to Malwarebytes Labs readers on the subject of stalkerware—the term used to describe apps that can potentially invade someone’s privacy. We asked one question: “Have you ever used an app to monitor your partner’s phone?” The results were reassuring. We received...

WHO COVID-19 Mobile App: Improper Input Validation on User's Location on PUT /WhoService/putLocation Could Affect Availability/Falsify Users

Summary: Note: I noticed that that the team has fixed issues like an XSS that's caused only from a header value typically OOS since it's not directly exploitable https://github.com/WorldHealthOrganization/app/pull/855, so in the spirit of this I'm also reporting another "good-to-fix" issue. On th...

Information disclosure

An issue was discovered on Samsung mobile devices with N7.x, O8.x, and P9.0 software. Gallery allows attackers to enable Location information sharing from the lock screen. The Samsung ID is SVE-2019-14462 August 2019...

The Simple Way Apple and Google Let Domestic Abusers Stalk Victims

To prove a point about common location-sharing apps, I asked my wife to use them to spy on me...