176 matches found

Malwarebytes
added 2025/11/18 11:21 a.m. · 6 views

Why it matters when your online order is drop-shipped

Online shopping has never been easier. A few clicks can get almost anything delivered straight to your door, sometimes at a surprisingly low price. But behind some of those deals lies a fulfillment model called drop-shipping. It's not inherently fraudulent, but it can leave you disappointed,...

6.6 AI score
Exploits 0
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2023-42116

Malicious code in bioql PyPI...

8.4 CVSS · 6.6 AI score · 0.01092 EPSS
Exploits 0 · References 1
The Hacker News
added 2025/08/26 1:30 p.m. · 7 views

MixShell Malware Delivered via Contact Forms Targets U.S. Supply Chain Manufacturers

Cybersecurity researchers are calling attention to a sophisticated social engineering campaign that's targeting supply chain-critical manufacturing companies with an in-memory malware dubbed MixShell. The activity has been codenamed ZipLine by Check Point Research. "Instead of sending unsolicited...

7.5 AI score
Exploits 0
The Hacker News
added 2025/05/14 11:11 a.m. · 13 views

Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity fir...

7.5 AI score
Exploits 0
Android Security Bulletins
added 2025/04/07 12:0 a.m. · 13 views

Android Automotive OS Update Bulletin—April 2025

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2025-04-05 or later from the April 2025 Android Security Bulletin in addition to all issues in this...

7.8 AI score
Exploits 0
ICS
added 2025/01/30 7:0 a.m. · 27 views

Contec Health CMS8000 Patient Monitor (Update A)

RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to remotely send specially formatted UDP requests or connect to an unknown external network that would allow them to write arbitrary data, resulting in remote code execution. The device may also leak patient...

9.8 CVSS · 7.8 AI score · 0.01276 EPSS
Exploits 1 · References 10
CISA
added 2025/01/17 12:0 p.m. · 4 views

CISA and FBI Release Updated Guidance on Product Security Bad Practices

In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information,...

7.1 AI score
Exploits 0 · References 4
CISA
added 2025/01/16 12:0 p.m. · 5 views

CISA and Partners Release Call to Action to Close the National Software Understanding Gap

Today, CISA—in partnership with the Defense Advanced Research Projects Agency (DARPA), the Office of the Under Secretary of Defense for Research and Engineering (OUSD R&E), and the National Security Agency (NSA)—published Closing the Software Understanding Gap. This report urgently implores the U.S...

7.1 AI score
Exploits 0 · References 2
Android Security Bulletins
added 2024/12/02 12:0 a.m. · 39 views

Android Security Bulletin December 2024

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2024-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...

8.8 CVSS · 8.1 AI score · 0.00368 EPSS
Exploits 0
CISA
added 2024/10/16 12:0 p.m. · 5 views

CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released joint guidance on Product Security Bad Practices, a part of CISA’s Secure by Design initiative. This joint guidance supplies an overview of exceptionally risky product security ba...

7 AI score
Exploits 0 · References 4
The Hacker News
added 2024/09/12 1:46 p.m. · 20 views

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d (aka Void). "It is a backdoor that puts its components in the system storage area and, when commanded by attacker...

8 AI score
Exploits 0
Packet Storm
added 2024/09/01 12:0 a.m. · 231 views

Multiple DVR Manufacturers Configuration Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Multiple DVR Manufacturers Configuration Disclosure', 'Description' = %q This module takes advantage of an authentication bypass vulnerability at...

7.5 CVSS · 7 AI score · 0.76109 EPSS
Exploits 4
Malwarebytes
added 2024/08/20 12:59 p.m. · 8 views

“We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Texas Attorney General Ken Paxton has sued General Motors (GM) for the unlawful collection and sale of over 1.5 million Texans’ private driving data to insurance companies without their knowledge or consent. In June, the Attorney General (AG) announced he had opened an investigation into several car...

7.1 AI score
Exploits 0
CISA
added 2024/08/06 12:0 p.m. · 5 views

CISA Releases Secure by Demand Guidance

Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software manufacturers prioritize secure technology from the...

7.2 AI score
Exploits 0 · References 2
Schneier on Security
added 2024/07/30 11:7 a.m. · 7 views

Providing Security Updates to Automobile Software

Auto manufacturers are just starting to realize the problems of supporting the software in older models: Today’s phones are able to receive updates six to eight years after their purchase date. Samsung and Google provide Android OS updates and security updates for seven years. Apple halts servici...

7.3 AI score
Exploits 0
Schneier on Security
added 2024/05/02 11:5 a.m. · 22 views

The UK Bans Default Passwords

The UK is the first country to ban default passwords on IoT devices. On Monday, the United Kingdom became the first country in the world to ban default guessable usernames and passwords from these IoT devices. Unique passwords installed by default are still permitted. The Product Security and...

7.3 AI score
Exploits 0
NVD
added 2024/04/22 3:15 p.m. · 17 views

CVE-2023-38301

An issue was discovered in a third-party component related to vendor.gsm.serial, shipped on devices from multiple device manufacturers. Various software builds for the BLU View 2, Boost Mobile Celero 5G, Sharp Rouvo V, Motorola Moto G Pure, Motorola Moto G Power, T-Mobile Revvl 6 Pro 5G, and...

3.4 CVSS · 6.4 AI score · 0.00165 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/04/22 12:0 a.m. · 5 views

PT-2024-12696 · Motorola +1 · Motorola Moto G Pure +3

Name of the Vulnerable Software and Affected Versions: TCL 30Z (affected versions not specified); TCL 10L (affected versions not specified); Motorola Moto G Pure (affected versions not specified); Motorola Moto G Power (affected versions not specified). Description: An issue was discovered in a third-party...

7.1 CVSS · 6.5 AI score · 0.00155 EPSS
Exploits 0 · References 4
CVE
added 2024/04/22 12:0 a.m. · 51 views

CVE-2023-38301

CVE-2023-38301 describes a third-party component issue in vendor.gsm.serial that lets any local app read the device serial number via the vendor.gsm.serial system property without permissions. Affected devices span multiple manufacturers: BLU View 2; Boost Mobile Celero 5G; Sharp Rouvo V; Motorol...

3.4 CVSS · 6.7 AI score · 0.00165 EPSS
Exploits 0 · References 1
CVE
added 2024/04/22 12:0 a.m. · 50 views

CVE-2023-38291

CVE-2023-38291 describes a leakage of the Wi‑Fi MAC address via the system property ro.boot.wifimacaddr in devices from multiple manufacturers. Connected sources (Red Hat, NVD, CNVD, CVE list, vuln enrichment) confirm a third‑party component issue affecting TCL devices (30Z, 10L) and Motorola devi...

7.1 CVSS · 6.6 AI score · 0.00155 EPSS
Exploits 0 · References 1