Astra Linux - уязвимость в zbar

There is a heap-based buffer overflow in the qrreadermatchcenters function of ZBar 0.23.90. specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To exploit this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...

FBI Warns North Korean Hackers Using Malicious QR Codes in Spear-Phishing

The U.S. Federal Bureau of Investigation FBI on Thursday released an advisory warning of North Korean state-sponsored threat actors leveraging malicious QR codes in spear-phishing campaigns targeting entities in the country. "As of 2025, Kimsuky actors have targeted think tanks, academic...

CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

CVE-2025-65293

Command injection vulnerabilities in Aqara Camera Hub G3 4.1.90027 allow attackers to execute arbitrary commands with root privileges through malicious QR codes during device setup and factory reset...

CVE-2025-65293

CVE-2025-65293 refers to a command-injection vulnerability in Aqara Camera Hub G3. Affected software is Aqara Camera Hub G3 version 4.1.9_0027. The underlying issue allows an attacker to execute arbitrary root-level commands via malicious QR codes used during device setup and factory reset. Evide...

PT-2025-50542

Name of the Vulnerable Software and Affected Versions Aqara Camera Hub G3 version 4.1.9 0027 Description The Aqara Camera Hub G3 contains command injection flaws. Successful exploitation allows attackers to execute arbitrary commands with root privileges. This is achieved by providing malicious Q...

The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe

QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself...

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts. "The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is t...

USN-7247-1: OpenCV vulnerabilities

It was discovered that OpenCV did not properly manage certain XML data, leading to a NULL pointer dereference. If a user were tricked into loading a specially crafted file, a remote attacker could possibly use this issue to make OpenCV crash, resulting in a denial of service. This issue only...

A week in security (November 11 – November 17)

Last week on Malwarebytes Labs: Malicious QR codes sent in the mail deliver malware 122 million people’s business contact info leaked by data broker Advertisers are pushing ad and pop-up blockers using old tricks Scammer robs homebuyers of life savings in $20 million theft spree Temu must respect...

How are attackers using QR codes in phishing emails and lure documents?

Though QR codes were once on the verge of extinction, many consumers are used to seeing them in the wild for ordering at restaurants, or as mainstays on storefront doors informing customers how they can sign up for a newsletter or score a sweet deal. The use of QR codes saw a resurgence during th...

UBUNTU-CVE-2023-40889

A heap-based buffer overflow exists in the qrreadermatchcenters function of ZBar 0.23.90. Specially crafted QR codes may lead to information disclosure and/or arbitrary code execution. To trigger this vulnerability, an attacker can digitally input the malicious QR code, or prepare it to be...

Researchers Warn of New Variants of ChromeLoader Browser in the Wild

By Deeba Ahmed ChromeLoader malware is spread through pirated games, malicious QR codes, and cracked software that hijacks the victims web… This is a post from HackRead.com Read the original post: Researchers Warn of New Variants of ChromeLoader Browser in the Wild...

Warning issued over tampered QR codes

Avid readers of the Malwarebytes Labs blog will be well aware of QR code scams. Take, for example, that QR code scam in the Netherlands that victimized at least a dozen and definitely more car owners. It went like this: Someone approaches you and says they want to pay for their parking but cant...

Surge in Malicious QR Codes Sparks FBI Alert

Menus, event ticket sales, quick site access — QR codes have become a common way to interact as a result of the COVID-19 pandemic. But the smart little matrix bar codes are easily tampered with and can be used to direct victims to malicious sites, the FBI warned in an alert. QR codes are the...

Test your barcode scanners: MalQR

Test your barcode scanners MalQR is a collection of malicious QR codes and barcodes you can use to test the security of your scanners. It gives you the ability to conduct such tests with easiness : you just need to have a smartphone, a tablet or a laptop with an internet connection and browse...

QR codes - Next way for Android Malware

Once a user scans the QR code, the code redirects them to a site that will install a Trojan on their Android smart phones. Kaspersky's SecureList blog has a report of a malicious QR code on a web site which when scanned directs the user to a URL; the linked site doesn't have a file matching the...