Hacker Behind Wired.com Leak Now Selling Full 40M Condé Nast Records

A hacker claims to be selling nearly 40 million Condé Nast user records after leaking Wired.com data, with multiple major brands allegedly affected...

CVE-2010-0141

MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly 5, allows remote attackers to discover usernames, passwords, and unspecified other data from the user database via a modified authentication sequence to the Audio Server, aka Bug ID CSCsv76935...

CVE-2025-61114

2nd Line Android App version v1.2.92 and before package name com.mysecondline.app, developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...

CVE-2025-61114

The CVE-2025-61114 entry concerns AutoBizLine’s 2nd Line Android App (v1.2.92 and earlier; package com.mysecondline.app). A single-token-character validation flaw in the authentication server enables token-guessing/brute-forcing and unauthorized access to other users’ data, constituting an improp...

EUVD-2021-14157

Malware in sbrugna...

EUVD-2025-5884

Malicious code in bioql PyPI...

EUVD-2023-12507

Malicious code in bioql PyPI...

EUVD-2024-49519

Malicious code in bioql PyPI...

EUVD-2025-1601

Malicious code in bioql PyPI...

A week in security (July 28 – August 3)

Last week on Malwarebytes Labs: Apple ID scam leads to $27,000 in-person theft of Ohio man OpenAI kills "short-lived experiment" where ChatGPT chats could be found on Google Trump Administration and Big Tech want you to share your health data Prison visitor details shared with all inmates at...

Open redirect

An unauthenticated attacker over the network can attach to an open interface exposed through JNDI by the User Defined Search UDS of SAP NetWeaver Process Integration PI - version 7.50 and make use of an open naming and directory API to access services which can be used to perform unauthorized...

Booked < 2.2.6 - Broken Authentication to Export Users Data in CSV

The plugin allows users to Book Appointment by providing their PII such as Email, Name, Phone Number and Personal Message. The vulnerability allows anyone to Dump all records of users and their appointment details in CSV as an unauthenticated user. The user also gets registered as a WP User after...

A week in security (January 20 – 26)

Last week on Malwarebytes Labs, we reported on a Ryuk ransomware attack on The Tampa Bay Times, a newspaper in Florida; unmasked an elaborate browser locking scheme behind the more advanced tech support operations that are currently active; and looked at the latest laws on regulating deepfakes...

Comodo Forums Hack Exposes 245,000 Users' Data — Recent vBulletin 0-day Used

If you have an account with the Comodo discussion board and support forums, also known as ITarian Forum, you should change your password immediately. Cybersecurity company Comodo has become one of the major victims of a recently disclosed vBulletin 0-day vulnerability, exposing login account...

Nextcloud: Access to all files of remote user through shared file

Steps to reproduce 1. User A shares a file "movie.mp4" with user B. 2. User B uses webdav to access files e.g. foldersync or nautilus 3. share is shown as regular file using webdav. 4. Copy the file and paste it to the same folder still using webdav. 5. A new folder will appear with the name...

ShopEx某些服务器存在任意代码执行漏洞(可泄漏用户交易数据)

简要描述： 可执行命令，查看源码！ 详细说明： php cgi漏洞 http://shop322763.p13.shopex.cn/ 漏洞证明： http://shop322763.p13.shopex.cn/?-s http://shop319398.p09.shopex.cn/?-s http://shop317459.p21.shopex.cn/?-s 尝试执行PHP代码，虽然有openbasedir，disablefunctions的限制，不过我能直接CGI方式给PHP传参，这些限制自然不在话下，bypass之。 影响的用户太多了，厂商还是自查吧。。。...

Defence.pk Gets Hacked pr0tect0r A.K.A. mrNRG

Defence.pk Gets Hacked pr0tect0r A.K.A. mrNRG Defence.pk An independent defence organization committed to the research and analysis of Pakistan's security and strategic affairs Hacked by Indian Hacker pr0tect0r A.K.A. mrNRG. Defence.PK, one of the largest and most active Pakistani forum on...

Welt.de hacked - Credit Card info of 30264 users Compromised

Welt.de hacked - Credit Card info of 30264 users Compromised Welt.de hacked using an SQL Injection https://boot24.welt.de/indexwelt..php?ac =. The Hacker was deeply penetrate into the infrastructure of the Website and copy number information from the database of MySQL. He has published the links ...

ACER Hacked : 40,000 Users Data, Source Codes & Server Compromised

ACER Hacked : 40,000 Users Data, Source Codes & Server Compromised Update : THN Report : ACER hacked because of their own stupidity This Week is Really with great UP-DOWNS in Cyber World. Mega hacks like Sony Pictures hacked, Chinese Hacker Cracks 100's of Gmail accounts , Public Broadcasting...

Ero Auktion 2.0 - &#039;news.php&#039; SQL Injection

----------------------------Information---------------------------------------- +Autor : Easy Laster +Date : 21.10.2010 +Script : Ero Auktion V.2.0 SQL Injection news.php +Download : ----- +Price : 34,90€ +Language :PHP +Discovered by Easy Laster +Security Group 4004-Security-Project +Greetz to...