The Vercel Breach: OAuth Supply Chain Attack Exposes the Hidden Risk in Platform Environment Variables

An OAuth supply chain compromise at Vercel exposed how trusted third party apps and platform environment variables can bypass traditional defenses and amplify blast radius. This article examines the attack chain, underlying design tradeoffs, and what it reveals about modern PaaS and software supp...

New Research: 64% of 3rd-Party Applications Access Sensitive Data Without Justification

Research analyzing 4,700 leading websites reveals that 64% of third-party applications now access sensitive data without business justification, up from 51% in 2024. Government sector malicious activity spiked from 2% to 12.9%, while 1 in 7 Education sites show active compromise. Specific...

CVE-2021-22399

The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product...

CVE-2025-14817

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...

CVE-2025-14817 Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...

CVE-2025-14817 Factory Mode App Exists Privilege Escalation Issue Allowing Third-Party Apps to Open ADB

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...

PT-2025-51818

The component com.transsion.tranfacmode.entrance.main.MainActivity in com.transsion.tranfacmode has no permission control and can be accessed by third-party apps which can construct intents to directly open adb debugging functionality without user interaction...

EUVD-2018-18346

Malware in sbrugna...

EUVD-2016-1326

Malware in sbrugna...

EUVD-2021-23708

Malware in sbrugna...

EUVD-2017-11667

Malware in sbrugna...

EUVD-2014-4289

Malware in sbrugna...

EUVD-2016-1327

Malware in sbrugna...

EUVD-2023-38267

Malicious code in bioql PyPI...

EUVD-2022-36011

Malicious code in bioql PyPI...

EUVD-2023-48480

Malicious code in bioql PyPI...

EUVD-2022-41555

Malicious code in bioql PyPI...

EUVD-2023-48485

Malicious code in bioql PyPI...

EUVD-2023-38254

Malicious code in bioql PyPI...

EUVD-2021-28849

Malicious code in bioql PyPI...