Argamal: Malware hidden in hentai games

In April 2026, we discovered a new malware campaign targeting players of "hentai" games. Once launched, the infected games install a previously unknown malicious implant on the user's machine. After a few days, the implant downloads and executes a Trojan, resulting in full system compromise and...

CVE-2026-48235

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracking service XML/JSON responses InstaMapper and Google Latitude integration are concatenated into...

Gazelle 环境问题漏洞

Gazelle is a web framework developed by WhatCD’s developers, designed for private BitTorrent trackers. Versions of Gazelle prior to 0.49 contained an environmental vulnerability, caused by improper handling of HTTP header priorities. This vulnerability could allow attackers to inject malicious HT...

Astra Linux - уязвимость в linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list corruptions when using i915 perf with a number of concurrently running graphics applications. Root cause analysis pointed at an issu...

Revive Adserver: Missing access control when linking trackers to campaigns

A missing access control check was reported when linking trackers to campaigns through the "campaign-trackers.php" script of Revive Adserver 6.0.6 and earlier. A low-privileged user could link their trackers to campaigns owned by other managers on the same instance, resulting in inconsistent...

Tracking the Trackers: Commercial Surveillance Occurring on U.S. Army Networks

Despite current security implementations, Internet activity on DoD networks is susceptible to web trackers and commercial data collection, which have the potential to expose information about service members and unit operations. This report documents the outcomes of a study to characterize web...

[SECURITY] Fedora 43 Update: rust-redlib-0.35.1-10.fc43

Redlib is alternative private front-end to Reddit, with its origins in Libreddit. Redlib hopes to provide an easier way to browse Reddit, without the ads, trackers, and bloat...

AirCatch: Effectively Tracing Advanced Tag-Based Trackers

Tag-based tracking ecosystems help users locate lost items, but can be leveraged for unwanted tracking and stalking. Existing protocol-driven defenses and prior academic solutions largely assume stable identifiers or predictable beaconing. However, identifier-based defenses fundamentally break do...

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

CVE-2026-21641

Revive Adserver CVE-2026-21641 is an authorization bypass in the tracker-delete.php script. Reported by HackerOne, the issue allows users with delete-tracker permissions to delete trackers owned by other accounts. Verified across multiple sources (NVD, RH, CIRCL, CVE List, EUVD, AttackeRKB, etc.)...

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

CVE-2026-21641

HackerOne community member Jad Ghamloush 0xjad has reported an authorization bypass vulnerability in the tracker-delete.php script of Revive Adserver. Users with permissions to delete trackers are mistakenly allowed to delete trackers owned by other accounts...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992932)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992932 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992266)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992266 advisory. In the Linux kernel, the following vulnerability has been resolved: drm/i915/active: Fix misuse of non-idle barriers as fence trackers Users reported oopses on list...

Revive Adserver: Broken Access Control allows advertiser accounts to delete trackers they do not own

Vulnerability description not provided...

EUVD-2019-9504

Malware in sbrugna...

A week in security (September 29 – October 5)

Last week on Malwarebytes Labs: From threats to apology, hackers pull child data offline after public backlash Your Meta AI conversations may come back as ads in your feed Scam Facebook groups send malicious Android malware to seniors Sendit tricked kids, harvested their data, and faked messages,...

EUVD-2025-30204

Malicious code in bioql PyPI...

Tile trackers plagued by weak security, researchers warn

Researchers at the Georgia Institute of Technology scrutinized the security of the popular Tile tracker and came out disappointed. Bluetooth trackers are a steadily growing market, and Life360 is one of the major players. In 2021, Amazon expanded its Sidewalk network to include Tile. That means...