Security update for xorg-x11-server
This update for xorg-x11-server fixes the following issues: CVE-2025-26594: Use-after-free of the root cursor (bsc#1237427). CVE-2025-26595: Buffer overflow in XkbVModMaskText (bsc#1237429). CVE-2025-26596: Heap overflow in XkbWriteKeySyms (bsc#1237430). CVE-2025-26597: Buffer overflow in...
CVE-2022-49729
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred. Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought a patch might be needed here as well. Currently...
UBUNTU-CVE-2022-49729
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred. Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought a patch might be needed here as well. Currently...
CVE-2022-49729 nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix memory leak in nfcmrvl_play_deferred. Similar to the handling of play_deferred in commit 19cfe912c37b ("Bluetooth: btusb: Fix memory leak in play_deferred"), we thought a patch might be needed here as well. Currently...
Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail
A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app, known as “Finance Simplified”, belongs to the SpyLoan family, which specializes in predatory lending. Sometimes malware creators manage to get their apps listed in the...
CVE-2024-37602
An issue was discovered in Mercedes Benz NTG (New Telematics Generation) 6 through 2021. A possible NULL pointer dereference in the Apple Car Play function affects NTG 6 head units. To perform this attack, physical access to Ethernet pins of the head unit base board is needed. With a static IP...
CVE-2024-37602
CVE-2024-37602 affects Mercedes-Benz NTG (New Telematics Generation) 6 through 2021 head units. The vulnerability is a NULL pointer dereference in the Apple CarPlay function that can crash the Car Play service. Exploitation requires physical access to Ethernet pins on the head unit base board; wi...
Screenshot-Reading Malware
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device's photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more...
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images...
CVE-2020-8913
A local, arbitrary code execution vulnerability exists in the SplitCompat.install endpoint in Android's Play Core Library versions prior to 1.7.2. A malicious attacker could create an apk which targets a specific application, and if a victim were to install this apk, the attacker could perform a...
Take my money: OCR crypto stealers in Google Play and App Store
Update 07.02.2025: Google removed malicious apps from Google Play. Update 06.02.2025: Apple removed malicious apps from the App Store. In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users' image galleries in search of...
CVE-2024-20348
A vulnerability in the Out-of-Band (OOB) Plug and Play (PnP) feature of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an unauthenticated, remote attacker to read arbitrary files. This vulnerability is due to an unauthenticated provisioning web server. An attacker could exploit this...
Google Bans 158,000 Malicious Android App Developer Accounts in 2024
Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.3 million apps from...
Opera for Android has received Google Play’s Independent Security Review badge. Here’s what this means for your security
January 30th, 2025. Hey Opera users! You might have seen that Opera for Android has achieved a new security-focused milestone: If you search for Opera for Android...
CVE-2025-21389
Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network...
CVE-2025-21300
Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability...