EUVD-2014-5612

Malware in sbrugna...

MAL-2025-1501 Malicious code in truecaller-profile-validation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55408360c27ab729757f91541958607c4d4d284218d7250e8e785134f1fb9402 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in truecaller-profile-validation (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 55408360c27ab729757f91541958607c4d4d284218d7250e8e785134f1fb9402 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Truecaller : Lack of URL Validation in avatarUrl at /v4/profile

The endpoint "profile4-noneu.truecaller.com/v4/profile" was found to have a lack of URL validation in the "avatarUrl" parameter. The validation only checked if the URL started with "https" and contained the string "images-noneu.truecallerstatic.com", allowing attackers to craft fake URLs by addin...

More than a quarter of Americans fell for robocall scam calls in past year

More and more Americans have been falling victim to phone scams since 2019. According to the latest report from Truecaller Google Docs upload of the entire report, separate blog here, a known spam blocker and caller ID app, 68.4 million Americans were victimized in the last 12 months, a substanti...

Alleged data of 47.5 million Truecaller Indian users sold online

By Sudais Asif Truecaller has something to say about the breach. This is a post from HackRead.com Read the original post: Alleged data of 47.5 million Truecaller Indian users sold online...

FCC Addresses Robocalling – But Questions Remain

Robocalls and text spam – often in the service of widespread fraud campaigns – continue to persist, dogging consumers despite the existence of the national Do Not Call registry and efforts like the Truth in Caller ID Act. In an effort to alleviate the situation, Federal Communications Commission...

get.truecaller.com XSS vulnerability

Open Bug Bounty ID: OBB-456041 Description| Value ---|--- Affected Website:| get.truecaller.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Truecaller: Caller ID & Dialer - Customized SSL, Dangerous filesystem permissions, Exported ContentProvider vulnerabilities

HackApp vulnerability scanner discovered that application Truecaller: Caller ID & Dialer published at the 'play' market has multiple vulnerabilities...

TrueCaller Patches Information Leak in Android App

Researchers are encouraging Android users who may have downloaded a popular caller identification application to update, as a previous version of the app inadvertently leaked user information. The app, Truecaller, specializes in phone call management and has been installed at least 100,000,000...

Remotely Exploitable Bug in Truecaller Puts Over 100 Million Users at Risk

Security researchers have discovered a remotely exploitable vulnerability in Called ID app "Truecaller" that could expose personal details of Millions of its users. Truecaller is a popular service that claims to "search and identify any phone number," as well as helps users block incoming calls o...

Truecaller search limit bypass and gathering information Exploit

this exploit will bypass the truecaller and get the datas of the user and phone number fully automated exploit to extract the data Usage Info 1.save file first as truecaller.py and send as generator.py 2.the run the program and enter the value what it asked and wait for few min the process will g...

CVE-2014-5725

The Truecaller - Caller ID & Block aka com.truecaller application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Design/Logic Flaw

The Truecaller - Caller ID & Block aka com.truecaller application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

CVE-2014-5725

CVE-2014-5725 affects the Android app Truecaller (com.truecaller) at version 4.32, where SSL/TLS certificates from servers are not verified. This allows a man-in-the-middle to spoof servers and access sensitive data via a crafted certificate, impacting confidentiality and integrity as described i...

CVE-2014-5725

The Truecaller - Caller ID & Block aka com.truecaller application 4.32 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

Daily Dot News portal hacked by Syrian Electronic Army with phishing attack

Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal "Daily Dot" and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter, said "Dear @dailydot, please remo...

Daily Dot News portal hacked by Syrian Electronic Army with phishing attack

Pro-Assad hacker group the Syrian Electronic Army claims to have breached the online news portal "Daily Dot" and deleted an article with a caricature of Syrian President Bashar al-Assad. SEA hackers gave an advance warning to Daily Dot editorial team via twitter, said "Dear @dailydot, please remo...

Massive Database from Tango messenger server hacked by Syrian Electronic Army

Syrian Electronic Army SEA, hacking group known for cyber attacks against the anti-Syrian websites, has claimed that it has hacked the website of messaging application, Tango tango.me, that includes hundreds of millions of electronic and voice data over the Internet. Hacker group tweeted a messag...

Millions of Phonebook records stolen from Truecaller Database

TrueCaller, a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army hackers. Truecaller was running an outdated version 3.5.1 of blogging software WordPress for its web interface and there are millions of Phonebook records...