How to Recover Data from iCloud Backup Without Resetting Your iPhone

Restore data from an iCloud backup without the necessity of resetting your iPhone. Discover proven methods to get back your photos, messages, contacts, and many more things in a very easy way...

PT-2026-7774

Name of the Vulnerable Software and Affected Versions iOS versions prior to 26.3 iPadOS versions prior to 26.3 Description An input validation issue allows a person with physical access to an iOS device to potentially access photos from the lock screen. Recommendations Update to iOS version 26.3 ...

What does Google know about me? (Lock and Code S06E21)

This week on the Lock and Code podcast … Google is everywhere in our lives. It's reach into our data extends just as far. After investigating how much data Facebook had collected about him in his nearly 20 years with the platform, Lock and Code host David Ruiz had similar questions about the othe...

EUVD-2022-25456

Malicious code in bioql PyPI...

New “Scary” FakeCall Malware Captures Photos and OTPs on Android

A new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…...

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs's privacy policy--available elsewhere in the app--allows for blanket...

New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys

Android device users in South Korea have emerged as a target of a new mobile malware campaign that delivers a new type of threat dubbed SpyAgent. The malware "targets mnemonic keys by scanning for images on your device that might contain them," McAfee Labs researcher SangRyol Ryu said in an...

Toyota confirms customer and employee data stolen, says breach at third party to blame

Last week, a cybercriminal using the handle ZeroSevenGroup dumped 240GB of data on the infamous stolen data site BreachForums, that they said came from a hack on the US branch of car manufacturer Toyota. ZeroSevenGroup claims the dump includes customer and employee data. ZeroSevenGroup posted the...

CVE-2024-40778

An authentication issue was addressed with improved state management. This issue is fixed in iOS 16.7.9 and iPadOS 16.7.9, iOS 17.6 and iPadOS 17.6, macOS Sonoma 14.6. Photos in the Hidden Photos Album may be viewed without authentication...

CVE-2024-37314 Nextcloud Photos' shared albums have no restriction on photo removal

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2...

This Website is Selling Billions of Private Messages of Discord Users

By Deeba Ahmed Millions of Discord messages sold online! Protect yourself from leaked usernames, photos & financial details. Learn how to secure your Discord account. This is a post from HackRead.com Read the original post: This Website is Selling Billions of Private Messages of Discord Users...

Trove of UK Student Records Exposed in School Software Server Leak

By Waqas Hundreds of thousands of UK student records exposed in software firm's server leak putting names, grades, and photos at risk - Learn more about the school software breach and how to protect your child's information. This is a post from HackRead.com Read the original post: Trove of UK...

Carousel Slider < 2.2.7 - Editor+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup 1. Add a new slider at "Carousel Slide...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress.This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress...

CVE-2024-24887

CVE-2024-24887 is a CSRF vulnerability in the WordPress plugin Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting (Contest Gallery). Affected versions are up to 21.2.8.4; patch 21.2.9 fixes the issue. Patchstack and CVE records confirm low-severity risk with una...

WordPress PeepSo Core: Photos Plugin < 6.3.1.0 is vulnerable to Cross Site Scripting (XSS)

Software PeepSo Core: Photos Type Plugin Vulnerable versions 6.3.1.0 Fixed in 6.3.1.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-22158 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff6b438e0eed Credits Bikram Kharal Required privilege...

ASB-A-272025416

In multiple locations, there is a possible cross-user read due to a confused deputy. This could lead to local information disclosure of photos or other images with no additional execution privileges needed. User interaction is not needed for exploitation...

Authentication flaw

An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.1, iOS 17.1 and iPadOS 17.1. Photos in the Hidden Photos Album may be viewed without authentication...

Hackers Leak PII Data and Photos of Brazilian Plastic Surgery Patients

By Waqas The victim of the data breach is the Roberto Polizzi Plastic Surgery Clinic based in Belo Horizonte, Brazil. This is a post from HackRead.com Read the original post: Hackers Leak PII Data and Photos of Brazilian Plastic Surgery Patients...

ASB-A-272020068

In multiple locations, there is a possible bypass of a multi user security boundary due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...