27 matches found
A week in security (December 8 – December 14)
Last week on Malwarebytes Labs: The US digital doxxing of H-1B applicants is a massive privacy misstep Google ads funnel Mac users to poisoned AI chats that spread the AMOS infostealer How private is your VPN? DroidLock malware locks you out of your Android device and demands ransom Malwarebytes...
EUVD-2025-37015
Senza: Keto & Fasting Android App version 2.10.15 package name com.gl.senza, developed by Paul Itoi, contains an improper access control vulnerability. By exploiting insufficient checks in user data API endpoints, attackers can obtain authentication tokens and perform account takeover. Successful...
EUVD-2025-37019
ABC Fine Wine & Spirits Android App version v.11.27.5 and before package name com.cta.abcfinewineandspirits, developed by ABC Liquors, Inc., contains an improper access control vulnerability in its login mechanism. The application does not properly validate user passwords during authentication,...
CVE-2025-61120
AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...
CVE-2025-61121
Mobile Scanner Android App version 2.12.38 package name com.glority.everlens, developed by Glority Global Group Ltd., contains a credential leakage vulnerability. Improper handling of cloud service credentials may allow attackers to obtain them and carry out unauthorized actions, such as sensitiv...
PT-2025-44426
Name of the Vulnerable Software and Affected Versions mCarFix Motorists App version 2.3 Description The mCarFix Motorists App has improper access control issues. An attacker can bypass verification to create accounts and, by manipulating sequential numeric IDs, gain unauthorized access to user da...
How the Solid Protocol Restores Digital Agency
The current state of digital identity is a mess. Your personal information is scattered across hundreds of locations: social media companies, IoT companies, government agencies, websites you have accounts on, and data brokers you've never heard of. These entities collect, store, and trade your...
PrivacyXray: Detecting Privacy Breaches in LLMs through Semantic Consistency and Probability Certainty
Large Language Models LLMs are widely used in sensitive domains, including healthcare, finance, and legal services, raising concerns about potential private information leaks during inference. Privacy extraction attacks, such as jailbreaking, expose vulnerabilities in LLMs by crafting inputs that...
Hospital Management System 1.0 Insecure Direct Object Reference / Account Takeover
Exploit Title: Hospital Management System - IDOR + Accaunt Takeover Google Dork: N/A Application: Hospital Management System Date: 27.02.2024 Bugs: IDOR + Accaunt Takeover Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
NIST Warns of Security and Privacy Risks from Rapid AI System Deployment
The U.S. National Institute of Standards and Technology NIST is calling attention to the privacy and security challenges that arise as a result of increased deployment of artificial intelligence AI systems in recent years. "These security and privacy challenges include the potential for adversari...
Amazon fined $31 million over privacy breaches, including snooping on kids
By Habiba Rashid The case involves Amazon's settlement with the FTC over security and privacy violations committed by its subsidiaries, Ring and Alexa. This is a post from HackRead.com Read the original post: Amazon fined $31 million over privacy breaches, including snooping on kids...
A week in security (February 27 - March 5)
Last week on Malwarebytes Labs: Fighting online censorship, or, encryption's latest surprise use-case, with Mallory Knodel: Lock and Code S04E05 How to work from home securely, the NSA way TikTok probed over child privacy practices iPhone users targeted in phone AND data theft campaign US Marshal...
Consumer privacy and social media
Looking at the privacy related stories of 2022, its not hard to see that much of the focus was on the social media giants. Banning TikTok is slowly becoming a trend among US states. Google and Facebooks owner Meta was fined on several occasions for amounts that would have put other companies out ...
A week in security (May 23 – 29)
Last week on Malwarebytes Labs: Update now! Nvidia released fixes for 10 flaws in Windows GPU drivers Chicago students lose data to ransomware attackers Hunting down your data with Whitney Merrill: Lock and Code S03E11 Unknown APT group has targeted Russia repeatedly since Ukraine invasion Zero-d...
A week in security (January 17 – 23)
Last week on Malwarebytes Labs: CISA calls for urgent action against critical threats Red Cross begs attackers to “Do the right thing” after family reunion service compromised Update now! Chrome patches critical RCE vulnerability in Safe Browsing Combatting SMS and phone fraud: UK government issu...
Massive faceprint scraping company Clearview AI hauled over the coals
Life must be hard for companies that try to make a living by invading people’s privacy. You almost feel sorry for them. Except I dont. The UK’s Information Commissioner’s Office ICO—an independent body set up to uphold information rights—has announced its provisional intent to impose a potential...
A week in security (January 6 – 12)
Last week on Malwarebytes Labs, we told readers how to check the safety of websites and their related files, explored the shady behavior taking place within the billion-dollar search industry, broke down the top six ways that hackers target retail businesses, and put a spotlight on the ransomware...
Black Hat: LeapFrog Tablet Flaws Let Attackers Track, Message Kids
LAS VEGAS – Serious vulnerabilities have been disclosed in LeapFrog’s tablet for kids, the LeapPad Ultimate, once again throwing child data privacy into the spotlight. The LeapPad Ultimate is a rugged tablet made by LeapFrog that targets children with an array of education, game and eBook apps...
New York, Canada, Ireland Launch New Investigations Into Facebook Privacy Breaches
Facebook has a lot of problems, then there are a lot of problems for Facebook—and both are not going to end anytime sooner. Though Facebook has already set aside $5 billion from its revenue to cover a possible fine the company is expecting as a result of an FTC investigation over privacy...
Privacy in 2019: 6 Basic Steps to Keep Yourself Protected
By John Mason 2019 has barely started, and indications show that this year could very well be one of the worst for Internet users as far as privacy and data security is concerned. As HackRead has reported, below are some of the biggest privacy breaches already exposed this year: Security...