Microsoft Warns Misconfigured Email Routing Can Enable Internal Domain Phishing
Threat actors engaging in phishing attacks are exploiting routing scenarios and misconfigured spoof protections to impersonate organizations' domains and distribute emails that appear as if they have been sent internally. "Threat actors have leveraged this vector to deliver a wide variety of...
Doxers Posing as Cops Are Tricking Big Tech Firms Into Sharing People’s Private Data
A spoofed email address and an easily faked document is all it takes for major tech companies to hand over your most personal information...
Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks
Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services...
EUVD-2024-0215
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability: CVE-2024-27305
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel...
Attackers Hide JavaScript in SVG Images to Lure Users to Malicious Sites
Beware! SVG images are now being used with obfuscated JavaScript for stealthy redirect attacks via spoofed emails. Get insights from Ontinue's latest research on detection and defence...
RLSA-2025:1292 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Memory safety bugs fixed in Firefox 135, Thunderbird 135, Firefox ESR 128.7, and Thunderbird 128.7 CVE-2025-1017 firefox: thunderbird: Use-after-free in Custom Highlight CVE-2025-1010 firefox:...
JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a project management tool developed by the Czech company JetBrains that supports cloud hosting and local deployment. JetBrains YouTrack suffers from a security vulnerability that stems from account takeover via spoofed emails and Helpdesk integration. No details of the...
postfix: SMTP smuggling vulnerability
A flaw was found in some SMTP server configurations in Postfix. This flaw allows a remote attacker to break out email message data to "smuggle" SMTP commands and send spoofed emails that pass SPF checks. Out of the box, Postfix aims to accommodate older clients with faulty SMTP implementations...
CVE-2024-3676
The Proofpoint Encryption endpoint of Proofpoint Enterprise Protection contains an Improper Input Validation vulnerability that allows an unauthenticated remote attacker with a specially crafted HTTP request to create additional Encryption user accounts under the attacker's control. These account...
CVE-2024-3676
The CVE-2024-3676 entry affects Proofpoint Encryption endpoint within Proofpoint Enterprise Protection. It is an Improper Input Validation vulnerability that allows an unauthenticated remote attacker to craft an HTTP request to create additional Encryption user accounts under the attacker’s contr...
PT-2024-27152 · Proofpoint · Proofpoint Enterprise Protection
Name of the Vulnerable Software and Affected Versions: Proofpoint Enterprise Protection affected versions not specified Description: The issue allows an unauthenticated remote attacker to create additional Encryption user accounts with a specially crafted HTTP request. These accounts can send...
OESA-2024-1322 python-aiosmtpd security update
This is a server for SMTP and related protocols, similar in utility to the standard library's smtpd.py module, but rewritten to be based on asyncio for Python 3. Security Fixes: aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP...
SMTP Smuggling
aiosmtpd is vulnerable to inbound SMTP smuggling. The vulnerability is due to interpretation differences of the SMTP protocol, enabling attackers to send spoofed emails with fake sender addresses, facilitating advanced phishing attacks...
PYSEC-2024-221
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send...
DEBIAN-CVE-2024-27305
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send...
Design/Logic Flaw
aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send...
PT-2024-21808 · Aiosmtpd +1 · Aiosmtpd +1
Name of the Vulnerable Software and Affected Versions: aiosmtpd versions prior to 1.4.5 Description: aiosmtpd is vulnerable to inbound SMTP smuggling, a novel vulnerability based on interpretation differences of the SMTP protocol. By exploiting this issue, an attacker may send spoofed e-mails wit...
Design/Logic Flaw
Hoppscotch is an API development ecosystem. Due to lack of validation for fields like Label Edit Team - TeamName, bad actors can send emails with Spoofed Content as Hoppscotch. The external-link part of the payload is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This iss...
Hoppscotch Security Vulnerability
Hoppscotch is an open source API development ecosystem. A security vulnerability exists in Hoppscotch version 2023.12.5 and earlier, where the source of the vulnerability lacks validation of fields such as LabelEdit Team-TeamName, which allows an attacker to pass off emails with spoofed content a...