Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow

Plus: A ransomware group is now stealing data in person, BusPatrol wants to hand its license plate surveillance data to the cops, and more...

The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers

Plus: Google publishes a live exploit for an unpatched flaw, the feds arrest two men accused of creating thousands of nonconsensual deepfake nudes, and more...

A Bipartisan Amendment Would End Police License Plate Tracking Nationwide

One line tucked into a federal highway bill would strip funds from cities and states unless they kill their automated plate tracking programs—effectively banning the tech for all but toll collection...

Street-Legal Physical-World Adversarial Rim for License Plates

Automatic license plate reader ALPR systems are widely deployed to identify and track vehicles. While prior work has demonstrated vulnerabilities in ALPR systems, far less attention has been paid to their legality and physical-world practicality. We investigate whether low-resourced threat actors...

Malicious code in plate-playground-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ac5bae237041bc5b4bbd86a3aa58c9cf5734d4046742565f738e9580f95b3d4 The package plate-playground-template was found to contain malicious code...

MAL-2026-1817 Malicious code in plate-playground-template (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4ac5bae237041bc5b4bbd86a3aa58c9cf5734d4046742565f738e9580f95b3d4 The package plate-playground-template was found to contain malicious code...

Tattile Cameras 1.181.5 Use of Default Credentials

Summary Tattile is an Italian manufacturer specializing in advanced ANPR/ALPR, traffic‑enforcement, and machine‑vision camera systems used across intelligent transportation networks, tolling infrastructures, access‑control environments, and industrial automation. Their portfolio includes...

Flock cameras shared license plate data without permission

Mountain View, California, pulled the plug on its entire license plate reader camera network this week. It discovered that Flock Safety, which ran the system, had been sharing city data with hundreds of law enforcement agencies, including federal ones, without permission. Flock Safety runs an...

AI-Powered Surveillance in Schools

It all sounds pretty dystopian: Inside a white stucco building in Southern California, video cameras compare faces of passersby against a facial recognition database. Behavioral analysis AI reviews the footage for signs of violent behavior. Behind a bathroom door, a smoke detector-shaped device...

A week in security (January 5 – January 11)

Last week on Malwarebytes Labs: pcTattletale founder pleads guilty as US cracks down on stalkerware Are we ready for ChatGPT Health? CISA warns of active attacks on HPE OneView and legacy PowerPoint Lego’s Smart Bricks explained: what they do, and what they don’t Fake WinRAR downloads hide malwar...

ALPRs are recording your daily drive (Lock and Code S06E26)

This week on the Lock and Code podcast … There's an entire surveillance network popping up across the United States that has likely already captured your information, all for the non-suspicion of driving a car. Automated License Plate Readers, or ALPRs, are AI-powered cameras that scan and store ...

Selea CarPlateServer 代码问题漏洞

Selea CarPlateServer is a license plate recognition software from the Italian company Selea. A code issue vulnerability exists in Selea CarPlateServer version 4.0.1.6, which stems from the presence of unquoted service paths in the Windows service configuration, which could lead to code execution...

Selea CarPlateServer 访问控制错误漏洞

Selea CarPlateServer is a car plate recognition software from Selea, Italy. An access control error vulnerability exists in Selea CarPlateServer version 4.0.1.6, which originates from the ability to bypass authentication by manipulating the NOLISTEXEPATH configuration parameter, which could lead ...

CVE-2025-68459

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

CVE-2025-68459

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

CVE-2025-68459

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

EUVD-2025-204038

RG - AP180, Indoor Wall Plate Wireless AP AP180 series provided by Ruijie Networks Co., Ltd. contain an OS command injection vulnerability. An arbitrary OS command may be executed on the product by an attacker who logs in to the CLI service...

CVE-2021-47731

Selea Targa IP OCR-ANPR Camera contains a hard-coded developer password vulnerability that allows unauthorized configuration access through an undocumented page. Attackers can exploit the hidden endpoint by using the hard-coded password 'Selea781830' to enable configuration upload and overwrite...

CVE-2021-47729

Selea Targa IP OCR-ANPR Camera contains a stored cross-site scripting vulnerability in the 'fileslist' parameter that allows attackers to inject malicious HTML and script code. Attackers can send a POST request to /cgi-bin/getfile.php with crafted payload to execute arbitrary scripts in victim's...

A week in security (November 17 – November 23)

Last week on Malwarebytes Labs: AI teddy bear for kids responds with sexual content and advice about weapons Fake calendar invites are spreading. Here’s how to remove them and prevent more Budget Samsung phones shipped with unremovable spyware, say researchers What the Flock is happening with...