47 matches found
EUVD-2007-1176
Malware in sbrugna...
EUVD-2018-13393
Malware in sbrugna...
EUVD-2000-0989
Malware in sbrugna...
EUVD-2006-0122
Malware in sbrugna...
CVE-2025-49583
XWiki (platform) vulnerability CVE-2025-49583 involves a user without script-right creating a document containing an XWiki.Notifications.Code.NotificationEmailRendererClass object. When an admin later edits and saves that document, the email templates in this object are used for notifications. Th...
CVE-2025-47779
Asterisk is an open-source private branch exchange PBX. Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE RFC 3428 authentication do not get proper alignment. An authenticated attacker...
Spammers abuse Google Forms’ quiz to deliver scams
Spammers are exploiting the "Release scores" feature of Google Forms quizzes to deliver email. The emails originate from Googles own servers and consequently may have an easier time bypassing anti-spam protections and finding the victims inbox. Volumes of these messages hovered near noise levels...
The vulnerability of the Input component in the Google Chrome browser allows attackers to perform spoofing attacks.
The vulnerability of the Input component in Google Chrome browser is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...
SUSE CVE-2015-5331
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...
The vulnerability of the Navigation function in Google Chrome and Microsoft Edge browsers allows attackers to carry out spoofing attacks.
The vulnerability of the Navigation function in Google Chrome and Microsoft Edge is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to carry out spam attacks using a specially created HTML page...
The vulnerability of Mozilla Thunderbird’s email client lies in the improper processing of user-input data when dealing with signed and encrypted embedded messages. This allows attackers to perform spamming attacks.
The vulnerability in Mozilla Thunderbird’s email client allows for incorrect processing of user-input data when dealing with signed and encrypted embedded messages. Exploiting this vulnerability can enable a malicious actor to carry out spam attacks by sending specially crafted email messages...
Moodle improper access control
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...
GHSA-M7CC-6VHG-39WR Moodle improper access control
Moodle 2.9.x before 2.9.3 does not properly check the contact list before authorizing message transmission, which allows remote authenticated users to bypass intended access restrictions and conduct spam attacks via the messaging API...
New Study Warns of Security Threats Linked to Recycled Phone Numbers
A new academic study has highlighted a number of privacy and security pitfalls associated with recycling mobile phone numbers that could be abused to stage a variety of exploits, including account takeovers, conduct phishing and spam attacks, and even prevent victims from signing up for online...
The vulnerability in the implementation of the Punycode sequence transformation method in Mozilla Firefox browsers allows attackers to perform spamming attacks.
The vulnerability of the Punycode sequence transformation method implemented in Mozilla Firefox browsers is related to the lack of a mechanism for checking input data. Exploiting this vulnerability allows attackers who operate remotely to carry out spam attacks...
2020 Ends With A Bang
December 2020 was an eventful month in cyber security. This blog recaps three of the major security events we saw towards the end of last year. December began with FireEye’s breach announcement that included a leak of its red team tools arsenal. Quickly after this announcement, Imperva Threat...
'Double Extortion' Ransomware Attacks Spike
Victims of ransomware attacks now face a double whammy of headaches. Cybercriminals are increasingly inflicting more pain on ransomware victims by threatening to leak compromised data or use it in future spam attacks, if ransom demands aren’t met. The ransomware tactic, call “double extortion,”...
The vulnerability of the Skype for Business Server’s instant messaging program, related to errors in information presentation by the user interface, allows attackers to carry out spoofing attacks.
The vulnerability of the Skype for Business Server’s instant messaging program is related to errors in information representation by the user interface. Exploiting this vulnerability can allow attackers to perform spam attacks remotely...
CVE-2018-20853
An issue was discovered in the MailPoet Newsletters aka wysija-newsletters plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks...
CVE-2018-20853
An issue was discovered in the MailPoet Newsletters aka wysija-newsletters plugin before 2.8.2 for WordPress. The plugin is vulnerable to SPAM attacks...