CVE-2026-7166

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

Cyberattack on a Car Breathalyzer Firm Leaves Drivers Stuck

Plus: The FBI admits it’s buying phone data to track Americans, Iranian hackers disrupt medical care at Maryland hospitals, and more...

New Mobile Phone Forensics Tool

The Chinese have a new tool called Massistant. Massistant is the presumed successor to Chinese forensics tool, "MFSocket", reported in 2019 and attributed to publicly traded cybersecurity company, Meiya Pico. The forensics tool works in tandem with a corresponding desktop software. Massistant gai...

CBP Wants New Tech to Search for Hidden Data on Seized Phones

Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border...

Software company accused of illegally profiling millions of mobile phone users

A digital rights and privacy organization has filed a complaint against software company TeleSign for gathering and selling information on millions of mobile phone users. The organization that filed the complaint is nyob. nyob is an Austrian based digital right organization that focusses on...

Red Eyes Exploits Hangul EPS Vulnerability and Steganography to Spread Malware

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary The Red Eyes group used an old vulnerability in Hangul word processor to spread malicious code via steganography, stealing personal PC information and mobile phone data, and executing C&C commands using ...

Google Urged to Stop Tracking Location Data Ahead of Roe Reversal

Lawmakers argue Android phone data could be “weaponized against women” if the US Supreme Court officially overturns abortion protections...

How Police Abuse Phone Data to Persecute LGBTQ People

In many parts of the world, law enforcement uses WhatsApp chats, text messages, and photos from confiscated phones as "evidence" against persecuted groups...

How the FBI Gets Location Information

Vice has a detailed article about how the FBI gets data from cell phone providers like AT&T, T-Mobile, and Verizon, based on a leaked I think 2019 139-page presentation...

Google Report Spotlights Controversial ‘Geofence Warrants’ by Police

Newly released data by Google sheds light on a controversial practice called “geofence warrants”, which describes the practice of law enforcement requesting mobile phone data of users within close proximity of a crime. Google said, in an August report, the number of geofence warrants the company...

Gtlab luca 数据伪造问题漏洞

Gtlab luca is a Gtlab open source application. A secure and encrypted exchange of contact information. A data forgery issue vulnerability exists in Luca version 1.1.14, which can be exploited by remote attackers to cause a denial of service due to a lack of digital signatures for phone number dat...

Collecting and Selling Mobile Phone Location Data

The Wall Street Journal has an article about a company called Anomaly Six LLC that has an SDK that's used by "more than 500 mobile applications." Through that SDK, the company collects location data from users, which it then sells. Anomaly Six is a federal contractor that provides...

Polycom IP Phone - Web Interface Data Disclosure

/ / / / / // | / // \ | / / / / / /// / / / / / / / // / / / |/ / // / , 'Line 1' of 'Polycom IP Phone' software. The vulnerability allows the attacker to disclosure th...