Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing

Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of...

AZL-40466 CVE-2024-34069 affecting package python-werkzeug for versions less than 2.3.7-2

Werkzeug is a comprehensive WSGI web application library. The debugger in affected versions of Werkzeug can allow an attacker to execute code on a developer's machine under some circumstances. This requires the attacker to get the developer to interact with a domain and subdomain they control, an...

CVE-2019-16949

An issue was discovered in Enghouse Web Chat 6.1.300.31 and 6.2.284.34. A user is allowed to send an archive of their chat log to an email address specified at the beginning of the chat where the user enters in their name and e-mail address. This POST request can be modified to change the message...

EvilURL v2.0 - An Unicode Domain Phishing Generator for IDN Homograph Attack

Generate unicode evil domains for IDN Homograph Attack and detect them. PREREQUISITES python 3.x for evilurl3.py TESTED ON:Kali Linux - ROLLING EDITION CLONE git clone https://github.com/UndeadSec/EvilURL.git RUNNING cd EvilURL python3 evilurl.py CHANGELOG Full script updated to Python 3.x Python...