CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...

Malicious code in peloton-creative-assets (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 27599b248968e9e2ea7e7167ee3199163e611123d5a34c382d7041a04ade757e The OpenSSF Package Analysis project identified...

MAL-2025-48752 Malicious code in peloton-creative-assets (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 27599b248968e9e2ea7e7167ee3199163e611123d5a34c382d7041a04ade757e The OpenSSF Package Analysis project identified...

EUVD-2021-20560

Malware in sbrugna...

Malicious code in peloton-clients (PyPI)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in peloton-client123 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41716 Malicious code in peloton-clients (PyPI)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-41715 Malicious code in peloton-client123 (PyPI)

--- -= Per source details. Do not edit below this line.=-...

peloton.co.th Cross Site Scripting vulnerability OBB-4033999

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

A week in security (July 8 – July 14)

Last week on Malwarebytes Labs: "Nearly all" AT&T customers had phone records stolen in new data breach disclosure Fake Microsoft Teams for Mac delivers Atomic Stealer Dangerous monitoring tool mSpy suffers data breach, exposes customer details iPhone users in 98 countries warned about spyware by...

Peloton accused of providing customer chat data to train AI

It seems that Peloton may have been providing more training than just for its customers, as its set to face court in California accused of using user chat data to train AI. Peloton Interactive, Inc. is a US-based exercise equipment and media company, known for its stationary bicycles, treadmills,...

Vulnerabilities exposed Peloton treadmills to malware and DoS attacks

By Habiba Rashid Internet-Connected Gym Equipment Raises Concerns Over Security Vulnerabilities! This is a post from HackRead.com Read the original post: Vulnerabilities exposed Peloton treadmills to malware and DoS attacks...

Exploit for Out-of-bounds Write in Google Android

Skeleton but pronounced like Peloton A Zero-Click RCE explo...

CVE-2021-40526

Incorrect calculation of buffer size vulnerability in Peleton TTR01 up to and including PTV55G allows a remote attacker to trigger a Denial of Service attack through the GymKit daemon process by exploiting a heap overflow in the network server handling the Apple GymKit communication. This can lea...

Peleton TTR01 安全漏洞

The Peleton TTR01 is a wireless device. A security vulnerability exists in the Peleton TTR01 including the PTV55G that allows remote attackers to exploit a heap overflow in the web server that handles Apple's GymKit communications to trigger a denial of service attack via the GymKit daemon. This...

Coursera Flunks API Test in Researchers’ Security Exam

Researchers have discovered multiple application programming interface API issues in Coursera, the online learning platform used by 82 million learners and hundreds of Fortune 500 companies. On Thursday, the Checkmarx Security Research Team published a report on its findings, which included user...

Vulnerability exposed Peloton bike, treadmil to malware attacks

By Deeba Ahmed Peloton workouts are susceptible to hacking leading to malware and spying, claims McAfee's Advanced Threat Research team. This is a post from HackRead.com Read the original post: Vulnerability exposed Peloton bike, treadmil to malware attacks...

Peloton Vulnerability Found and Fixed

Researchers have discovered a vulnerability in Peloton stationary bicycles, one that would give the attacker complete control over the device. The attack requires physical access to the Peloton, so its not really a practical attack. President Bidens Peloton was not in danger...

Peloton Bike+ Bug Gives Hackers Complete Control

The popular Peloton Bike+ and Peloton Tread exercise equipment contain a security vulnerability that could expose gym users to a wide variety of cyberattacks, from credential theft to surreptitious video recordings. According to research from McAfee’s Advanced Threat Research ATR team, the bug no...

CVE-2021-33887

Insufficient verification of data authenticity in Peloton TTR01 up to and including PTV55G allows an attacker with physical access to boot into a modified kernel/ramdisk without unlocking the bootloader...