1173 matches found
Oz Forensics Oz Liveness security vulnerability
Oz Forensics Oz Liveness is a leading facial recognition and authentication software from Oz Forensics. A security vulnerability exists in Oz Forensics Oz Liveness versions prior to 4.0.8 late 2023, which stems from an insecure direct object reference that could lead to PII retrieval...
72% of people are worried their data is being misused by the government, and that’s not all…
Bad vibes are big news in privacy right now, with the public feeling isolated in securing their sensitive information from companies, governments, AI models, and scammers. That’s the latest from Malwarebytes research conducted this month, which revealed that the vast majority of people are...
U.S. Dept Of Defense: [Critical Data Breach] Exposure of PII Data Leak via API Response
A critical information disclosure vulnerability was discovered, exposing sensitive user data via an API response. The leaked data included personal information such as full name, email, and phone number...
Preparing for the EU Radio Equipment Directive security requirements
TL;DR: UK & EU IoT vendors have more security regulation coming in. Applies to all wireless devices. Comes into force 1st August 2025. It may be absorbed into the Cyber Resilience Act. From 1st August 2025, mandatory cybersecurity requirements come into effect under the EU’s Radio Equipment Directive...
CVE-2024-2292 Access Control Vulnerabilities lead to Violation of Privacy and Modification of Personal Data
Due to a lack of access control, unauthorized users are able to view and modify information pertaining to other users...
DOGE to Fired CISA Staff: Email Us Your Personal Data
A message posted on Monday to the homepage of the U.S. Cybersecurity & Infrastructure Security Agency (CISA) is the latest exhibit in the Trump administration's continued disregard for basic cybersecurity protections. The message instructed recently-fired CISA employees to get in touch so they can ...
AMOS and Lumma stealers actively spread to Reddit users
We were alerted to Mac and Windows stealers currently distributed via Reddit posts targeting users engaging in cryptocurrency trading. One of the common lures is a cracked software version of the popular trading platform TradingView. The crooks are posting links to both Windows and Mac installers...
CVE-2025-30116
An issue was discovered on the Forvia Hella HELLA Driving Recorder DR 820. Remotely Dumping of Video Footage and the Live Video Stream can occur. It allows remote attackers to access and download recorded video footage from the SD card via port 9091. Additionally, attackers can connect to port 90...
CVE-2025-25614
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers...
CVE-2025-25614
CVE-2025-25614 affects Unifiedtransform version 2.0 and stems from an Incorrect Access Control flaw that enables privilege escalation, allowing teachers to update other teachers’ personal data. The advisory entries consistently describe this as a data-access control deficiency with high impact (C...
U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices
The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned...
Dario Health security vulnerability
Dario Health is a software from Dario Health that provides digital health solutions for people with chronic conditions. Dario Health has a security vulnerability that stems from the potential to lead to the disclosure of cross-user personally identifiable and health information...
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky. "The infected projects...
CVE-2024-13719
The PeproDev Ultimate Invoice plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.8 via the invoicing viewer due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view invoices for...
DOGE as a National Cyberattack
In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history--not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the...
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security...
CVE-2024-11134
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventerexportbookingscsv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to...
Newgen OmniDocs security vulnerability
Newgen OmniDocs is an enterprise content management suite from Newgen, Inc. A security vulnerability exists in Newgen OmniDocs version 11.0SP103006, which stems from an insecure direct object reference (IDOR) in the getuserproperty function that allows user configuration and PII to be stolen...