Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number

The examples in this post are actual fraud attempts found by Malwarebytes Senior Director of Research, Jérôme Segura. Cybercriminals frequently use fake search engine listings to take advantage of our trust in popular brands, and then scam us. It often starts, as with so many attacks, with a...

SQL Injection Vulnerability in Multimedia Integrated Service Display System of Beijing Shenzhou Vision Han Technology Co., Ltd (CNVD-C-2025-321946)

Ltd. is a deep-rooted enterprise in the field of visualization. A SQL injection vulnerability exists in the multimedia integrated business display system of Beijing Divine Vision Han Technology Co. Ltd, which can be exploited by attackers to obtain sensitive information from the database...

CVE-2025-49449

creationtimestamp| type| source ---|---|--- 2025-06-06 14:56:20+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqx3rh4vjr2s...

Microsoft Helps CBI Dismantle Indian Call Centers Behind Japanese Tech Support Scam

India's Central Bureau of Investigation CBI has revealed that it has arrested six individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted...

Important: Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release.

Red Hat Developer Hub 1.5.2 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVE-2025-4053

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

The Privacy-Friendly Tech to Replace Your US-Based Email, Browser, and Search

Thanks to drastic policy changes in the US and Big Tech’s embrace of the second Trump administration, many people are moving their digital lives abroad. Here are a few options to get you started...

CVE-2025-4053

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

CVE-2025-4053

Be-Tech Mifare Classic card systems are affected. The root cause is that data stored on the Mifare Classic cards is in cleartext, enabling an attacker with a guest card to craft a master key card that can unlock all locks in the building. Affected component: Be-Tech Mifare Classic cards and assoc...

CVE-2025-4053 Unauthorized creation of master key in Mifare Classic Be-Tech cards

The data stored in Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a master key card that unlocks all the locks in the building. This issue affects all Be-Tech Mifare Classic card systems. To fix the...

PT-2025-22891 · Be Tech · Be-Tech Mifare Classic

Name of the Vulnerable Software and Affected Versions: Be-Tech Mifare Classic card systems affected versions not specified Description: The data stored in the Be-Tech Mifare Classic card is stored in cleartext. An attacker having access to a Be-Tech hotel guest Mifare Classic card can create a...

Be-Tech Mifare Classic cards 安全漏洞

Be-Tech Mifare Classic cards are a line of electronic cards from Be-Tech. A security vulnerability exists in Be-Tech Mifare Classic cards that stems from the explicit storage of data, which could lead to the creation of master key cards...

CVE-2024-20491

A vulnerability in a logging function of Cisco Nexus Dashboard Insights could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because remote controller credentials are recorded in an internal log that is stored in the tech support file...

CVE-2024-28275

Puwell Cloud Tech Co, Ltd 360Eyes Pro v3.9.5.163090516 was discovered to transmit sensitive information in cleartext. This vulnerability allows attackers to intercept and access sensitive information, including users' credentials and password change requests...

CVE-2024-22048

govuktechdocs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page...

CVE-2024-32096

Cross-Site Request Forgery CSRF vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2...

CVE-2024-49290

Cross-Site Request Forgery CSRF vulnerability in Gora Tech LLC Cooked Pro allows Cross Site Request Forgery.This issue affects Cooked Pro: from n/a before 1.8.0...

CVE-2024-12990

A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open...

CVE-2024-20490

A vulnerability in a logging function of Cisco Nexus Dashboard Fabric Controller NDFC and Cisco Nexus Dashboard Orchestrator NDO could allow an attacker with access to a tech support file to view sensitive information. This vulnerability exists because HTTP proxy credentials could be recorded in ...

CVE-2024-55407

An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests...