FBI Warns of Fake IC3 Websites Designed to Steal Personal Data

The FBI is warning internet users about fake versions of its official IC3 cybercrime reporting website. Learn how to spot these ‘spoofed’ sites, avoid scams where criminals impersonate agents, and protect your personal information by following the FBI’s crucial safety tips...

Ransomware attack at blood center: Org tells users their data’s been stolen

A blood center has begun sending data breach notifications to its users after suffering a ransomware attack and theft of personal data. The New York Blood Center’s NYBC suffered the ransomware attack in January, in which an unauthorized party gained access to its network and acquired copies of a...

Indico 安全漏洞

Indico is a feature-rich event management system from Indico Open Source. A security vulnerability exists in Indico versions prior to 3.3.8, which stems from improper access checking and could lead to unauthorized retrieval of another user's personal data...

Tax refund scam targets Californians

The State of California Franchise Tax Board FTB recently issued a warning to taxpayers to protect themselves from tax scams. In their warning the FTB states: “Recently, the FTB received reports of a scam targeting taxpayers through text messages that appear to be from FTB. These text messages...

Linux Distros Unpatched Vulnerability : CVE-2021-21435

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Article Bcc fields and agent personal information are shown when customer prints the ticket PDF via external interface. This issue affects: OTRS AG OTRS 7.0.x...

Nearly 1M SSNs and Health Records Exposed in Marijuana Patient Database

Ohio Medical Alliance exposed a medical marijuana patient database containing 957,000 records, including SSNs, IDs, health files, and…...

CVE-2025-41685 SMA: Sunny Portal limited disclosure of personal data of registered users to an authenticated user

A low-privileged remote attacker can obtain the username of another registered Sunny Portal user by entering that user's email address...

Azure Stack Hub Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclose information locally...

CVE-2025-7020

An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS e.g. in the model ATTO3. An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment IVI unit's storage. This allows the...

Online portal exposed car and personal data, allowed anyone to remotely unlock cars

A carmaker’s online dealership portal has been found leaking the private information and vehicle data of its customers. This also meant that anyone with access could remotely break into a car. Researcher Eaton Zveare shared his discovery with TechCrunch. Although he said he has chosen not to...

CVE-2025-7020

An incorrect encryption implementation vulnerability exists in the system log dump feature of BYD's DiLink 3.0 OS e.g. in the model ATTO3. An attacker with physical access to the vehicle can bypass the encryption of log dumps on the In-Vehicle Infotainment IVI unit's storage. This allows the...

CVE-2025-7020

CVE-2025-7020 affects BYD DiLink 3.0 OS (e.g., ATTO3) on the In-Vehicle Infotainment storage. The issue is an incorrect encryption implementation in the system log dump feature, introduced in a patch intended to fix CVE-2024-54728. A attacker with physical access can bypass log-dump encryption an...

AI Tools Fuel Brazilian Phishing Scam While Efimer Trojan Steals Crypto from 5,000 Victims

Cybersecurity researchers are drawing attention to a new campaign that's using legitimate generative artificial intelligence AI-powered website building tools like DeepSite AI and BlackBox AI to create replica phishing pages mimicking Brazilian government agencies as part of a financially motivat...

Privacy Risk Predictions Based on Fundamental Understanding of Personal Data and an Evolving Threat Landscape

It is difficult for individuals and organizations to protect personal information without a fundamental understanding of relative privacy risks. By analyzing over 5,000 empirical identity theft and fraud cases, this research identifies which types of personal data are exposed, how frequently...

A week in security (July 21 – July 27)

A list of topics we covered in the week of July 21 to July 27 of 2025 Last week on Malwarebytes Labs: Steam games abused to deliver malware once again Watch out: Instagram users targeted in novel phishing campaign Age verification: Child protection or privacy risk? iPhone vs. Android: iPhone user...

Startup takes personal data stolen by malware and sells it on to other companies

A tech startup is using personal data stolen by infostealer malware that it has found on the dark web, and then selling access to that data. And it claims to be working within the law. According to 404 Media, for as little as $50, Farnsworth Intelligence will give companies a look at records from...

Exploit for CVE-2025-53640

CVE-2025-53640 – Authenticated User Enumeration in CERN's Indi...

Better Call routing bug can lead to Cache Deception

Summary Using a CDN that caches //.png, //.json, //.css, etc... requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users. Details The vulnerability occurs in the request processing logic where...

PT-2025-30365 · Npm · Better-Call

Summary Using a CDN that caches //.png, //.json, //.css, etc... requests, a cache deception can emerge. This could lead to unauthorized access to user sessions and personal data when cached responses are served to other users. Details The vulnerability occurs in the request processing logic where...

FBI Warns of Health Insurance Scam Stealing Personal and Medical Data

The Federal Bureau of Investigation FBI has issued a warning about a scam where criminals pretend to be…...