5 matches found
CVE-2025-6741
CVE-2025-6741 describes improper access control in the Devolutions Server secure message component, enabling an authenticated user to steal unauthorized entries via the secure message entry attachment feature. Affected are Devolutions Server 2025.2.2.0–2025.2.4.0 and 2025.1.11.0 and earlier. Root...
CVE-2021-37093
There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to attackers stealing short messages...
CVE-2025-0740
An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing the “CHATID” of the endpoint "/embedai/chats/loadmessages?chatid="...
CVE-2021-37093
Technical details about CVE-2021-37093 are not publicly available in the provided documents; no confirmed affected products, exact root cause, or remediation are disclosed here. Monitor for updates from vendor advisories.
Implant Teardown
Posted by Ian Beer, Project Zero. In the earlier posts we examined how the attackers gained unsandboxed code execution as root on iPhones. At the end of each chain we saw the attackers calling posix_spawn, passing the path to their implant binary which they dropped in /tmp. This starts the implant...