9057 matches found
MAL-2025-21712 Malicious code in google-play-card-balance241 (npm)
The package google-play-card-balance241 was found to contain malicious code...
MAL-2025-16875 Malicious code in check-google-play-card-balance127 (npm)
The package check-google-play-card-balance127 was found to contain malicious code...
MAL-2025-29381 Malicious code in play-url (npm)
The package play-url was found to contain malicious code...
Malicious code in google-play-card-balance162 (npm)
The package google-play-card-balance162 was found to contain malicious code...
Malicious code in google-play-card-balance482 (npm)
The package google-play-card-balance482 was found to contain malicious code...
Malicious code in google-play-card-balance275 (npm)
The package google-play-card-balance275 was found to contain malicious code...
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication NFC to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card t...
PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads
Cybersecurity researchers have discovered a nascent Android remote access trojan RAT called PlayPraetor that has infected more than 11,000 devices, primarily across Portugal, Spain, France, Morocco, Peru, and Hong Kong. "The botnet's rapid growth, which now exceeds 2,000 new infections per week, ...
Android Security Bulletin—August 2025Stay organized with collectionsSave and categorize content based on your preferences.
The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Security patch levels of 2025-08-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. Android partners are...
Q2 2025 Ransomware Trends Analysis: Boom and Bust
“Tumultous times” would be an accurate summary of Q2 2025 where ransomware threat actors are concerned. Rapid7’s internal and publicly-available data analysis reveals a dynamic environment where major players come and go, newer groups work their way up the heavy-hitters ladder, and threat actors...
The vulnerability of the Universal Plug and Play (UPnP) service in Windows operating systems allows attackers to enhance their privileges.
The vulnerability of the Universal Plug and Play UPnP service in Windows operating systems is related to the use of insecure mechanisms for processing authentication data in the operating system’s memory. Exploiting this vulnerability can allow a remote attacker to increase their privileges...
WordPress plugin Testimonial Post type 跨站脚本漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exis...
New Konfety Malware Variant Evades Detection by Manipulating APKs and Dynamic Code
Cybersecurity researchers have discovered a new, sophisticated variant of a known Android malware referred to as Konfety that leverages the evil twin technique to enable ad fraud. The sneaky approach essentially involves a scenario wherein two variants of an application share the same package nam...
The vulnerability of the Universal Plug and Play (UPnP) Device Host Service in Microsoft Windows operating systems allows a hacker to increase their privileges.
The vulnerability of the Universal Plug and Play UPnP Device Host Service in Microsoft Windows operating systems is related to the ability to utilize freed memory. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...
Security Enclave Architecture for Heterogeneous Security Primitives for Supply-Chain Attacks
Designing secure architectures for system-on-chip SoC platforms is a highly intricate and time-intensive task, often requiring months of development and meticulous verification. Even minor architectural oversights can lead to critical vulnerabilities that undermine the security of the entire chip...
CVE-2025-48821
Use after free in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2025-48819
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2025-48819
Sensitive data storage in improperly locked memory in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges over an adjacent network...
CVE-2025-48821 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
...
CVE-2025-48819 Windows Universal Plug and Play (UPnP) Device Host Elevation of Privilege Vulnerability
...