6 matches found
EUVD-2025-24039
Malicious code in bioql PyPI...
CVE-2025-54888
Fedify vulnerability CVE-2025-54888 is an authentication bypass in handleInboxInternal that lets an attacker impersonate any ActivityPub actor by sending forged activities signed with their own keys. The flaw processes an activity before verifying the signer’s ownership of the actor, enabling imp...
GHSA-6JCC-XGCR-Q3H4 @fedify/fedify has Improper Authentication and Incorrect Authorization
Summary An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor...
PT-2025-32420
Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.3.20 Fedify versions 1.4.0-dev.585 through 1.4.12 Fedify versions 1.5.0-dev.636 through 1.5.4 Fedify versions 1.6.0-dev.754 through 1.6.7 Fedify versions 1.7.0-pr.251.885 through 1.7.8 Fedify versions 1.8.0-dev.909...
The benefits of taking an intent-based approach to detecting Business Email Compromise
By Abhishek Singh. BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy tha...
Threat Actor Impersonates USPS to Deliver Backdoor Malware
A new threat actor has been found impersonating the U.S. Postal Service USPS and other government agencies to deliver and install backdoor malware to various organizations in Germany, Italy and the United States, according to new research. The campaigns, which researchers from cybersecurity firm...