4.8 звезды, миллион установок, 300 тысяч украденных долларов. Как отличить поддельное приложение от оригинала
Практическое руководство по проверке приложений в Google Play и App Store.
Aggregator
Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets
2 months 3 weeks ago
A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous macOS malware called SHub Stealer onto unsuspecting users. The site, hosted at cleanmymacos[.]org, has no connection to the real CleanMyMac software or its developers, MacPaw. Once inside a system, SHub Stealer harvests saved passwords, browser data, Apple Keychain contents, cryptocurrency […]
The post Hackers Use Fake CleanMyMac Site to Deploy SHub Stealer and Hijack Crypto Wallets appeared first on Cyber Security News.
Tushar Subhra Dutta
BoryptGrab Stealer Spreads via Fake GitHub Repositories, Stealing Browser and Crypto Wallet Data
2 months 3 weeks ago
A new data-stealing malware called BoryptGrab has been quietly spreading across Windows systems through a network of fake GitHub repositories, tricking users into downloading what appear to be popular free software tools. The campaign, which has been active since at least April 2025, uses search engine manipulation to make these malicious repositories look legitimate, luring […]
The post BoryptGrab Stealer Spreads via Fake GitHub Repositories, Stealing Browser and Crypto Wallet Data appeared first on Cyber Security News.
Tushar Subhra Dutta
CVE-2025-48653 | Google Android 14/15/16/16-qpr2 loadDataAndPostValue permission (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability identified as critical has been detected in Google Android 14/15/16/16-qpr2. This affects the function loadDataAndPostValue. The manipulation leads to permission issues.
This vulnerability is referenced as CVE-2025-48653. The attack can only be performed from a local environment. No exploit is available.
It is recommended to apply a patch to fix this issue.
vuldb.com
CVE-2025-48650 | Google Android 14/15/16 sql injection (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability was found in Google Android 14/15/16. It has been declared as critical. Impacted is an unknown function. Such manipulation leads to sql injection.
This vulnerability is uniquely identified as CVE-2025-48650. The attack can be launched remotely. No exploit exists.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2025-48644 | Google Android 14/15/16/16-qpr2 denial of service (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability categorized as problematic has been discovered in Google Android 14/15/16/16-qpr2. The impacted element is an unknown function. Executing a manipulation can lead to denial of service.
The identification of this vulnerability is CVE-2025-48644. The attack can only be executed locally. There is no exploit available.
It is best practice to apply a patch to resolve this issue.
vuldb.com
CVE-2025-48642 | Google Android 14/15/16/16-qpr2 payload.rs jump_to_payload information disclosure (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability labeled as problematic has been found in Google Android 14/15/16/16-qpr2. This impacts the function jump_to_payload of the file payload.rs. The manipulation results in information disclosure.
This vulnerability is identified as CVE-2025-48642. The attack is only possible with local access. There is not any exploit available.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2025-48646 | Google Android 14/15/16/16-qpr2 ActivityStarter.java executeRequest confused deputy (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability classified as problematic has been found in Google Android 14/15/16/16-qpr2. Affected by this issue is the function executeRequest of the file ActivityStarter.java. Performing a manipulation results in unintended intermediary.
This vulnerability is cataloged as CVE-2025-48646. The attack must be initiated from a local position. There is no exploit available.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-2025-48645 | Google Android 14/15/16/16-qpr2 DeviceAdminInfo.java loadDescription input validation (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability classified as problematic was found in Google Android 14/15/16/16-qpr2. This affects the function loadDescription of the file DeviceAdminInfo.java. Executing a manipulation can lead to improper input validation.
This vulnerability is registered as CVE-2025-48645. The attack needs to be launched locally. No exploit is available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2025-48630 | Google Android 14/15/16/16-qpr2 SkiaRenderEngine.cpp drawLayersInternal information disclosure (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability was found in Google Android 14/15/16/16-qpr2 and classified as problematic. Affected by this vulnerability is the function drawLayersInternal of the file SkiaRenderEngine.cpp. Executing a manipulation can lead to information disclosure.
This vulnerability is handled as CVE-2025-48630. It is possible to launch the attack on the local host. There is not any exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2025-48634 | Google Android 14/15/16 WindowManagerService.java relayoutWindow permission (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability described as critical has been identified in Google Android 14/15/16. This affects the function relayoutWindow of the file WindowManagerService.java. The manipulation results in permission issues.
This vulnerability is cataloged as CVE-2025-48634. The attack must be initiated from a local position. There is no exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com
CVE-2025-48641 | Google Android 14/15/16/16-qpr2 Nfc.h use after free (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Google Android 14/15/16/16-qpr2. Affected by this issue is some unknown functionality in the library Nfc.h. Executing a manipulation can lead to use after free.
This vulnerability appears as CVE-2025-48641. The attack requires local access. There is no available exploit.
Applying a patch is advised to resolve this issue.
vuldb.com
CVE-2025-48635 | Google Android 14/15 TaskFragmentOrganizerController.java information disclosure (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability was found in Google Android 14/15. It has been classified as problematic. This issue affects some unknown processing of the file TaskFragmentOrganizerController.java. This manipulation causes information disclosure.
This vulnerability is handled as CVE-2025-48635. It is possible to launch the attack on the local host. There is not any exploit available.
To fix this issue, it is recommended to deploy a patch.
vuldb.com
CVE-2025-48619 | Google Android 14/15/16 ContentProvider.java information disclosure (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability classified as problematic has been found in Google Android 14/15/16. This issue affects some unknown processing of the file ContentProvider.java. The manipulation leads to information disclosure.
This vulnerability is listed as CVE-2025-48619. The attack must be carried out locally. There is no available exploit.
It is suggested to install a patch to address this issue.
vuldb.com
Are We Ready for Auto Remediation With Agentic AI?
2 months 3 weeks ago
With the rapid innovations in AI, we are entering an exciting era of automated risk remediation. Learn about security team readiness to leverage agentic AI for threat and exposure management.
Melinda Marks
INC
2 months 3 weeks ago
You must login to view this content
cohenido
INC
2 months 3 weeks ago
You must login to view this content
cohenido
INC
2 months 3 weeks ago
You must login to view this content
cohenido
Survey: CISOs Continue to Struggle to Strike Right Risk Balance
2 months 3 weeks ago
A survey of 422 CISOs finds that while well over half (61%) believe their organizations are highly competent when it comes to cybersecurity and cyber resilience, less than half (45%) said their organization’s risk appetite is effectively aligned with cybersecurity risk management even though 57% claimed their communications channels with the line of business units..
The post Survey: CISOs Continue to Struggle to Strike Right Risk Balance appeared first on Security Boulevard.
Michael Vizard
CVE-2025-48609 | Google Android 14/15/16 MmsProvider.java denial of service (WID-SEC-2026-0569)
2 months 3 weeks ago
A vulnerability classified as problematic was found in Google Android 14/15/16. Affected is an unknown function of the file MmsProvider.java. Such manipulation leads to denial of service.
This vulnerability is documented as CVE-2025-48609. The attack needs to be performed locally. There is not any exploit available.
It is best practice to apply a patch to resolve this issue.
vuldb.com