Apple Pay phish uses fake support calls to steal payment details

It started with an email that looked boringly familiar: Apple logo, a clean layout, and a subject line designed to make the target’s stomach drop. The message claimed Apple has stopped a high‑value Apple Pay charge at an Apple Store, complete with a case ID, timestamp, and a warning that the...

EUVD-2025-199040

Malicious code in react-native-phone-call npm...

MAL-2025-191003 Malicious code in react-native-phone-call (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e134ec88971e1ecadce79d1699bde00b798633b1ef9a0f6ebb2dbf67a51cdf5 The package react-native-phone-call was found to contain malicious code. Source: ghsa-malware...

Malicious code in react-native-phone-call (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0e134ec88971e1ecadce79d1699bde00b798633b1ef9a0f6ebb2dbf67a51cdf5 The package react-native-phone-call was found to contain malicious code. Source: ghsa-malware...

EUVD-2013-4996

Malware in sbrugna...

EUVD-2019-18089

Malware in sbrugna...

EUVD-2022-39480

Malicious code in bioql PyPI...

EUVD-2023-46908

Malicious code in bioql PyPI...

EUVD-2024-35864

Malicious code in bioql PyPI...

EUVD-2022-25483

Malicious code in bioql PyPI...

CVE-2025-22419

In multiple locations, there is a possible way to mislead the user into enabling malicious phone calls forwarding due to a tapjacking/overlay attack. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2022-22677

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic issue in the handling of concurrent media was addressed with improved state handling. This issue is fixed in macOS Monterey 12.4, iOS 15.5 and iPadOS...

How to spot the latest fake Gmail security alerts

Security alerts from tech companies are supposed to warn us when something might be amiss—but what if the alerts themselves are the risk? Scammers have long impersonated tech companies' security and support staff as a way to sniff out users' login credentials, and reports suggest that they're doi...

CVE-2025-43976

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...

CVE-2025-43976

The com.enflick.android.tn2ndLine application through 24.17.1.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.enflick.android.TextNow.activities.DialerActivity component...

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...

com.enflick.android.tn2ndLine 安全漏洞

com.enflick.android.tn2ndLine is an application. A security vulnerability exists in com.enflick.android.tn2ndLine version 24.17.1.0 and earlier, which stems from a vulnerability that allows arbitrary apps to make phone calls via a specially crafted intent, which could result in a phone call witho...

SKTelecom com.skt.prod.dialer 安全漏洞

SKTelecom com.skt.prod.dialer is an official dialing and call management application from SKTelecom Korea. A security vulnerability exists in SKTelecom com.skt.prod.dialer version 12.5.0 and earlier, which stems from a vulnerability that allows arbitrary applications to make phone calls via a...

PT-2025-30288 · Sk Telecom · Com.Skt.Prod.Dialer

Name of the Vulnerable Software and Affected Versions: com.skt.prod.dialer versions through 12.5.0 Description: The application allows any installed application, without requiring any permissions, to initiate phone calls without user interaction. This is achieved by sending a specially crafted...

CVE-2025-43977

The com.skt.prod.dialer application through 12.5.0 for Android enables any installed application with no permissions to place phone calls without user interaction by sending a crafted intent via the com.skt.prod.dialer.activities.outgoingcall.OutgoingCallInternalBroadcaster component...