264 matches found
A week in security (June 8 – June 14)
Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...
Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites...
Malicious code in spotify-url-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d48e77a28430ecc01968323c62517a7928f9c0db72e086a64eb87e1b63f33b7 On require'spotify-url-resolver', index.js line 21 invokes startBackupLoop at module top level. The loop zips process.cwd the installer's project roo...
MAL-2026-5574 Malicious code in spotify-url-resolver (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d48e77a28430ecc01968323c62517a7928f9c0db72e086a64eb87e1b63f33b7 On require'spotify-url-resolver', index.js line 21 invokes startBackupLoop at module top level. The loop zips process.cwd the installer's project roo...
Free Spotify Premium hacks on social media are spreading infostealers
Short-form video platforms like TikTok and Instagram Reels have become the latest way cybercriminals spread malware. We've already seen attackers move away from traditional phishing emails and toward tactics that trick people into installing malware themselves. Now they're being lured with slick...
Wiz + Spotify Backstage: Security at the Developer’s Desk
Bring Wiz Issues directly into Backstage, so developers can act on security issues in the tools they use everyday...
Spotify and Major Music Labels Sue Anna’s Archive for $13 Trillion
Spotify and the Big Three labels have filed a record-breaking $13 trillion lawsuit against Anna’s Archive over a massive music data scrape. Find out what this means for the future of digital music...
A week in security (December 22 – December 28)
Last week on Malwarebytes Labs: Pornhub tells users to expect sextortion emails after data exposure Hacktivists claim near-total Spotify music scrape Stay safe! We don 't just report on threats—we help safeguard your entire digital identity Cybersecurity risks should never spread beyond a headlin...
Hacktivists claim near-total Spotify music scrape
Hacktivist group Anna’s Archive claims to have scraped almost all of Spotify’s catalog and is now seeding it via BitTorrent, effectively turning a streaming platform into a roughly 300 TB pirate “preservation archive.” On its blog, the group states: “A while ago, we discovered a way to scrape...
Pirate Group Anna’s Archive Copies 256M Spotify Songs in Data Scrape
Spotify has confirmed a massive unauthorised data scrape involving 256 million track records and 86 million audio files. Learn how "Anna’s Archive" bypassed security, and why experts warn against downloading the leaked files...
[SECURITY] Fedora 42 Update: python-spotipy-2.25.2-1.fc42
A light weight Python library for the Spotify Web API...
[SECURITY] Fedora 41 Update: python-spotipy-2.25.2-1.fc41
A light weight Python library for the Spotify Web API...
[SECURITY] Fedora 43 Update: python-spotipy-2.25.2-1.fc43
A light weight Python library for the Spotify Web API...
EUVD-2025-199770
Spotipy has a XSS vulnerability in its OAuth callback server...
Spotipy 跨站脚本漏洞
Spotipy is the spotipy-dev individual developer's lightweight Python library for the Spotify Web API. A cross-site scripting vulnerability exists in Spotipy versions prior to 2.25.2, which stems from the OAuth callback server failing to clean up incorrect parameters, which could lead to a...
EUVD-2017-8902
Malware in sbrugna...
EUVD-2018-11805
Malware in sbrugna...
EUVD-2023-48504
Malicious code in bioql PyPI...
EUVD-2025-5469
Malicious code in bioql PyPI...
EUVD-2025-29012
Malicious code in bioql PyPI...