Sextortion “I recorded you” emails reuse passwords found in disposable inboxes

Our malware removal support team recently flagged a new wave of sextortion emails, with the subject line: “You pervert, I recorded you!” If the message sounds familiar, that's because it's a variation of the long-running "Hello pervert" scam. The email claims the target’s device has been infected...

EUVD-2021-11591

Malware in sbrugna...

EUVD-2025-8176

Malicious code in bioql PyPI...

EUVD-2025-5631

Malicious code in bioql PyPI...

CVE-2025-48102

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-paid-downloads-membership allows Stored XSS.This issue affects GoUrl Bitcoin Payment Gateway & Paid...

CVE-2022-4118

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users...

CVE-2021-24679

The Bitcoin / AltCoin Payment Gateway for WooCommerce WordPress plugin before 1.6.1 does not escape the 's' GET parameter before outputting back in the All Masking Rules page, leading to a Reflected Cross-Site Scripting issue...

U.S. Charges Yemeni Hacker Behind Black Kingdom Ransomware Targeting 1,500 Systems

The U.S. Department of Justice DoJ on Thursday announced charges against a 36-year-old Yemeni national for allegedly deploying the Black Kingdom ransomware against global targets, including businesses, schools, and hospitals in the United States. Rami Khaled Ahmed of Sana'a, Yemen, has been charg...

“I sent you an email from your email account,” sextortion scam claims

In a new version of the old “Hello pervert” emails, scammers are relying on classic email spoofing techniques to try and convince victims that they have lost control of their email account and computer systems. Email spoofing basically comes down to sending emails with a false sender address, a...

CVE-2025-26541

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Reflected XSS.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through =...

CVE-2025-26541

CVE-2025-26541 affects the WordPress plugin Bitcoin / AltCoin Payment Gateway for WooCommerce (and Multivendor store)

CVE-2025-26541 WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce plugin <= 1.7.6 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce allows Reflected XSS. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through 1.7.6...

Fake BianLian Ransomware Letters in Circulation

At a glance: The FBI is warning of a mail-based fraud involving letters sent to businesses in the U.S. These letters resemble online ransomware notes demanding payment via Bitcoin. Rapid7 examined a mail-based ransom demand sent to a customer from a local postcode. There is no evidence that any o...

Fake BianLian Ransomware Letters in Circulation

At a glance: The FBI is warning of a mail-based fraud involving letters sent to businesses in the U.S. These letters resemble online ransomware notes demanding payment via Bitcoin. Rapid7 examined a mail-based ransom demand sent to a customer from a local postcode. There is no evidence that any o...

CVE-2025-26535

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in CodeSolz Bitcoin / AltCoin Payment Gateway for WooCommerce woo-altcoin-payment-gateway allows Blind SQL Injection.This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a...

CVE-2025-26535

CVE-2025-26535 is a SQL Injection vulnerability in WordPress plugin Bitcoin / AltCoin Payment Gateway for WooCommerce (and Multivendor store). Affected versions are up to 1.7.6. The issue permits Blind SQL Injection (per CVE description) with a CVSS v3.1 base score of 9.3 (CRITICAL, NETW/LOW). Co...

CVE-2025-26535 WordPress Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop plugin <= 1.7.6 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in NotFound Bitcoin / AltCoin Payment Gateway for WooCommerce allows Blind SQL Injection. This issue affects Bitcoin / AltCoin Payment Gateway for WooCommerce: from n/a through 1.7.6...

WordPress plugin Bitcoin / AltCoin Payment Gateway for WooCommerce SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Bitcoin / AltCoin Payment...

Beware: 1,000+ Fake Cryptocurrency Sites Trap Users in Bogus Rewards Scheme

A previously undetected cryptocurrency scam has leveraged a constellation of over 1,000 fraudulent websites to ensnare users into a bogus rewards scheme since at least January 2021. "This massive campaign has likely resulted in thousands of people being scammed worldwide," Trend Micro researchers...

CVE-2022-4118 Bitcoin / AltCoin Payment Gateway <= 1.7.1 - Unauthenticated SQLi

The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users...