Fake Zoom meeting “update” silently installs unauthorized version of monitoring tool abused by cybercriminals to spy on victims

UPDATE February 27, 2026: We have added more clarity around the abuse of legitimate commercial products. UPDATE February 25, 2026 : Teramind has stated that it is not affiliated with the threat actors described and did not authorize the deployment of the software referenced. Further updates have...

EUVD-2025-14950

Malicious code in bioql PyPI...

CVE-2025-47782

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

PYSEC-2025-39

motionEye is an online interface for the software motion, a video surveillance program with motion detection. In versions 0.43.1b1 through 0.43.1b3, using a constructed camera device path with the add/addcamera motionEye web API allows an attacker with motionEye admin user credentials to execute...

CVE-2025-43928

creationtimestamp| type| source ---|---|--- 2025-04-20 03:02:00+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12606 2025-04-20 05:55:21+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3ln7xme3jeih2 2025-04-20...

Video Insight Cross-Site Scripting Vulnerability

Video Insight is a video surveillance and management software designed to help organizations monitor and manage their security cameras and video surveillance systems. A security vulnerability exists in Video Insight that stems from the presence of a reflected cross-site scripting vulnerability...

Video Insight Cross-Site Scripting Vulnerability

Video Insight is a video surveillance and management software designed to help organizations monitor and manage their security cameras and video surveillance systems. Video Insight has a security vulnerability that stems from the presence of a stored cross-site scripting vulnerability...

GhostSec Claim Breaching Iranian Govt Surveillance Software Tool

By Habiba Rashid In a move that has caught global attention, the hacktivist group GhostSec announced a successful breach of the… This is a post from HackRead.com Read the original post: GhostSec Claim Breaching Iranian Govt Surveillance Software Tool...

CERT-UA Alerts Ukrainian State Authorities of Remcos Software-Fueled Cyber Attacks

The Computer Emergency Response Team of Ukraine CERT-UA has issued an alert warning of cyber attacks against state authorities in the country that deploy a legitimate remote access software named Remcos. The mass phishing campaign has been attributed to a threat actor it tracks as UAC-0050, with...

ZoneMinder input validation error vulnerability

ZoneMinder is an open source video surveillance software system that supports IP, USB and analog cameras. The system supports IP, USB and analog cameras, etc. ZoneMinder has an input validation error vulnerability, which stems from allowing a user with view system privileges to inject new data in...

ZoneMinder Language Settings Remote Code Execution Exploit

This Metasploit module exploits an arbitrary file write in the debug log file option chained with a path traversal in the language settings that leads to remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 This module requires Metasploit:...

ZoneMinder Language Settings Remote Code Execution

This module exploits arbitrary file write in debug log file option chained with a path traversal in language settings that leads to a remote code execution in ZoneMinder surveillance software versions before 1.36.13 and before 1.37.11 Module Options msf use exploit/unix/webapp/zoneminderlangexec...

ZoneMinder Language Settings Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'ZoneMinder Language Settings Remote Code Execution', 'Description' = %q This module exploits arbitrary file write in debug log file option chaine...

ZoneMinder Remote Code Execution Vulnerability

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A remote code execution vulnerability exists in versions prior to ZoneMinder 1.36.13, which can be exploited by attackers to cause arbitrary code execution...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57801)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and prior versions, which stems from the program not being properly filtered and could be exploited by remote...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57841)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability that stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute arbitrary HTML or JavaScript cod...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57826)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability that stems from the fact that the program is not properly filtered and can be exploited by remote attackers with the 'newMonitorMethod' parameter to...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57831)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which stems from the fact that the program is not properly filtered and can be exploited by...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57833)

ZoneMinder is an open source video surveillance software system. ZoneMinder 1.32.3 and earlier versions have a cross-site scripting vulnerability, which stems from the fact that the program is not properly filtered and can be exploited by remote attackers to execute HTML or JavaScript code with t...

ZoneMinder Cross-Site Scripting Vulnerability (CNVD-2022-57805)

ZoneMinder is an open source video surveillance software system. The system supports IP, USB and analog cameras, etc. A cross-site scripting vulnerability exists in ZoneMinder 1.32.3 and earlier versions, which can be exploited by remote attackers with the 'newMonitorV4LCapturesPerFrame' paramete...