30 matches found

Hacker One
added 2026/03/07 11:33 a.m., 4 views

Nextcloud: SMIL values and by attributes bypass remote image blocking via unvalidated resource-loading animations, enabling email tracking without consent

A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail client. The vulnerability allowed attackers to bypass the "Block remote images" security feature by using SMIL animation attributes to load arbitrary external resources without validation. This could have enabled email...

AI score: 6
Exploits: 0

Packet Storm
added 2026/02/09 12:0 a.m., 141 views

📄 Roundcube Webmail SVG Tracking

Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. Roundcube Webmail , , and , but not on . Its href went through the wrong code path and got allowed through. Attackers could track email opens even when...

CVSS: 4.3, AI score: 5.6, EPSS: 0.00039
Exploits: 2

Hacker One
added 2026/01/04 6:34 p.m., 3 views

Nextcloud: SVG filter primitives bypass remote image blocking, enabling email tracking without consent.

A vulnerability was discovered in the HTML sanitizer of the Roundcube webmail application. The sanitizer did not properly handle the SVG filter primitive, allowing external resources to be loaded even when the "Block remote images" setting was enabled. This vulnerability could be used to track...

AI score: 5.8
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2016-5824

Malware in sbrugna...

CVSS: 4.3, AI score: 4.9, EPSS: 0.00359
Exploits: 0, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-0034

Malware in sbrugna...

CVSS: 9.1, AI score: 9, EPSS: 0.00552
Exploits: 0, References: 10

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-7675

Malware in sbrugna...

CVSS: 4.3, AI score: 4.6, EPSS: 0.00559
Exploits: 0, References: 7

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-0033

Malware in sbrugna...

CVSS: 7.4, AI score: 7.3, EPSS: 0.00306
Exploits: 0, References: 6

HackRead
added 2025/06/26 11:36 p.m., 3 views

How an Email, Crypto Wallet and YouTube Activity Led the FBI to IntelBroker

FBI tracked IntelBroker as UK’s Kai West using an email address, crypto trails, YouTube activity and forum posts after dozens of high-profile data breaches and darknet activity...

AI score: 7.4
Exploits: 0

Cvelist
added 2025/05/14 4:56 p.m., 13 views

CVE-2025-3932 Tracking Links in Attachments Bypassed Remote Content Blocking

It was possible to craft an email that showed a tracking link as an attachment. If the user attempted to open the attachment, Thunderbird automatically accessed the link. The configuration to block remote content did not prevent that. Thunderbird has been fixed to no longer allow access to web...

EPSS: 0.00281
Exploits: 0, References: 3

The Hacker News
added 2025/03/17 11:52 a.m., 33 views

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions

Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and...

AI score: 7.2
Exploits: 0

HackRead
added 2024/05/14 2:25 p.m., 16 views

DNS Tunneling Used for Stealthy Scans and Email Tracking

By Deeba Ahmed Hackers are hiding malicious messages in everyday internet traffic! Learn how DNS tunneling works and how to protect yourself from this sneaky cyberattack. Stop hackers from scanning your network and tracking your clicks. This is a post from HackRead.com Read the original post: DNS...

AI score: 7.2
Exploits: 0

Github Security Blog
added 2022/05/14 3:32 a.m., 17 views

django-anymail Includes Sensitive Information in Log Files

Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...

CVSS: 7.4, AI score: 3, EPSS: 0.00306
Exploits: 0, References: 5, Affected Software: 1

Wired Threat Level
added 2022/05/07 11:0 a.m., 13 views

Apple Mail Now Blocks Email Tracking. Here’s What That Means

If you don’t like marketers or anyone else knowing when and where you read your email, Apple’s feature will help you reclaim some privacy...

AI score: 3.1
Exploits: 0

Huntr
added 2022/03/07 10:1 p.m., 7 views

Cross-site Scripting (XSS) - Stored

Description: Email tracking pixel hits store the user agent of the browser / mail client that opens the email. That user agent is not sanitised on input, but also not escaped on output in the template. This allows anonymous users to store XSS payloads in the timeline on their contact page Proof of...

AI score: 0.2
Exploits: 0

Kitploit
added 2022/01/18 8:30 p.m., 16 views

goCabrito - Super Organized And Flexible Script For Sending Phishing Campaigns

Super organized and flexible script for sending phishing campaigns. Features Sends to a single email Sends to lists of emails text Sends to lists emails with first, last name csv Supports attachments Splits emails in groups Delays sending emails between each group Support Tags to be placed and...

AI score: 7
Exploits: 0, References: 2

CNVD
added 2018/03/27 12:0 a.m., 0 views

Anymail django-anymail Information Disclosure Vulnerability

Anymail django-anymail is an open source e-mail system that integrates multiple transactional e-mail service providers into Django. A security vulnerability exists in the WEBHOOK_AUTHORIZATION setting value in Anymail django-anymail versions 0.2 through 1.3. An attacker can exploit this...

CVSS: 7.4, AI score: 6.7, EPSS: 0.00306
Exploits: 0, References: 1

OSV
added 2018/03/13 3:29 p.m., 16 views

CVE-2018-1000089

Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...

CVSS: 7.4, AI score: 7.6
Exploits: 0, References: 2

NVD
added 2018/03/13 3:29 p.m., 10 views

CVE-2018-1000089

Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...

CVSS: 7.4, AI score: 7.4, EPSS: 0.00306
Exploits: 0, References: 2

OSV
added 2018/03/13 3:29 p.m., 13 views

PYSEC-2018-46

Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...

CVSS: 7.4, AI score: 4, EPSS: 0.00306
Exploits: 0, References: 3

Prion
added 2018/03/13 3:29 p.m., 10 views

Design/Logic Flaw

Anymail django-anymail version 0.2 through 1.3 contains a CWE-532, CWE-209 vulnerability in WEBHOOK_AUTHORIZATION setting value that can result in An attacker with access to error logs could fabricate email tracking events. This attack appears to be exploitable via If you have exposed your...

CVSS: 4.3, AI score: 7.3, EPSS: 0.00306
Exploits: 0, References: 2, Affected Software: 1