
23 matches found

GithubExploit
added 2026/06/01 4:20 p.m., 56 views

CVE-2026-ThreemaWeb-PrototypePollution

CVE-2026-XXXXX: Threema Web Prototype Pollution via URI Query...

AI score: 5.9
Exploits: 0
EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2023-0309

Malicious code in bioql PyPI...

CVSS: 5.9, AI score: 6.6, EPSS: 0.00261
Exploits: 1, References: 9
OSSF Malicious Packages
added 2025/08/14 6:52 p.m., 6 views

Malicious code in threema-desktop (npm)

The package threema-desktop was found to contain malicious code...

AI score: 7
Exploits: 0
OSV
added 2025/08/14 6:52 p.m., 1 view

MAL-2025-36840 Malicious code in threema-desktop (npm)

The package threema-desktop was found to contain malicious code...

AI score: 7.2
Exploits: 0
Schneier on Security
added 2023/01/19 12:21 p.m., 54 views

Security Analysis of Threema

A group of Swiss researchers have published an impressive security analysis of Threema. We provide an extensive cryptographic analysis of Threema, a Swiss-based encrypted messaging application with more than 10 million users and 7000 corporate customers. We present seven different attacks against...

AI score: 2.4
Exploits: 0
The Hacker News
added 2023/01/10 1:59 p.m., 42 views

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat...

AI score: 0.5
Exploits: 0
The Hacker News
added 2023/01/10 1:59 p.m., 2 views

Expert Analysis Reveals Cryptographic Weaknesses in Threema Messaging App

A comprehensive analysis of the cryptographic protocols used in the Swiss encrypted messaging application Threema has revealed a number of loopholes that could be exploited to break authentication protections and even recover users' private keys. The seven attacks span three different threat...

AI score: 6.8
Exploits: 0
Github Security Blog
added 2023/01/10 3:30 a.m., 34 views

Zip4j Origin Validation Error

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive. This issue has been fixed in version 2.11.3...

CVSS: 5.9, AI score: 6.1, EPSS: 0.00261
Exploits: 1, References: 9, Affected Software: 1
OSV
added 2023/01/10 2:15 a.m., 0 views

DEBIAN-CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS: 5.9, AI score: 6.7, EPSS: 0.00261
Exploits: 1, References: 1
Vulnrichment
added 2023/01/10 12:0 a.m., 9 views

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

AI score: 6.7, EPSS: 0.00261
Exploits: 1, References: 6
Debian CVE
added 2023/01/10 12:0 a.m., 28 views

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS: 5.9, AI score: 1.8, EPSS: 0.00261
Exploits: 1
UbuntuCve
added 2023/01/10 12:0 a.m., 149 views

CVE-2023-22899

Zip4j through 2.11.2, as used in Threema and other products, does not always check the MAC when decrypting a ZIP archive...

CVSS: 5.9, AI score: 6.8, EPSS: 0.00261
Exploits: 1, References: 6
The Hacker News
added 2022/11/28 5:25 a.m., 32 views

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform. The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments,...

AI score: 7.2
Exploits: 0
The Hacker News
added 2020/10/01 10:35 a.m., 0 views

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017,...

AI score: 5.8
Exploits: 0
The Hacker News
added 2020/10/01 10:35 a.m., 51 views

Beware: New Android Spyware Found Posing as Telegram and Threema Apps

A hacking group known for its attacks in the Middle East, at least since 2017, has recently been found impersonating legitimate messaging apps such as Telegram and Threema to infect Android devices with a new, previously undocumented malware. "Compared to the versions documented in 2017,...

AI score: 7
Exploits: 0
Securelist
added 2019/07/10 10:0 a.m., 113 views

New FinSpy iOS and Android implants revealed ITW

Updated: 23.07.2019 After publication of this article, we received a letter from a representative of Gamma Group International Ltd. stating that they disposed of all interests in FinFisher FinSpy in 2013. This article has been corrected in accordance with this new information. According to...

Exploits: 0
OpenVAS
added 2018/08/04 12:0 a.m., 76 views

Threema Web Detection (HTTP)

Detection of Threema Web. The script sends a connection request to the server and attempts to identify an installed Threema Web from the reply. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective righ...

AI score: 7
Exploits: 0, References: 1
vulnersOsv
added 2017/01/26 12:0 p.m., 2 views

b2b (=0.1.0), discord (>=0.7.0 <=0.8.1) +12 more potentially affected by CVE-2017-1000168 via sodiumoxide (>=0.0.10 <=0.0.13)

sodiumoxide CARGO version =0.0.10, =0.7.0, =9.0.0, =1.0.5, =1.0.0, =0.1.0, =0.0.1, =0.0.1, =0.5.1, =0.1.0, =0.0.1-prealpha.1, =0.1.0, =0.2.0 Source cves: CVE-2017-1000168 Source advisory: OSV:RUSTSEC-2017-0001...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00265
Exploits: 0
ThreatPost
added 2016/04/04 5:4 p.m., 9 views

Data Leaking 'Surreptitious Sharing' Vulnerability Identified in Android API

Researchers have identified a vulnerability in an Android API used by messaging apps such as Skype and perhaps more concerning, privacy-centric apps such as Signal, and Telegram, that could lead to privilege escalation and data loss including private keys. Dominik Schürmann and Lars Wolf,...

AI score: 8
Exploits: 0, References: 5
hackapp
added 2016/04/01 9:6 a.m., 12 views

Threema QR Scanner Plugin - Exported components vulnerabilities

HackApp vulnerability scanner discovered that application Threema QR Scanner Plugin published at the 'play' market has multiple vulnerabilities...

AI score: 0.3
Exploits: 0, References: 1, Affected Software: 1