Lucene search
K

6 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-24039

Malicious code in bioql PyPI...

8.7CVSS6.3AI score0.00707EPSS
Exploits0References3
CVE
CVE
added 2025/08/09 1:31 a.m.33 views

CVE-2025-54888

Fedify vulnerability CVE-2025-54888 is an authentication bypass in handleInboxInternal that lets an attacker impersonate any ActivityPub actor by sending forged activities signed with their own keys. The flaw processes an activity before verifying the signer’s ownership of the actor, enabling imp...

8.7CVSS7AI score0.00707EPSS
Exploits0References2
OSV
OSV
added 2025/08/08 2:29 p.m.4 views

GHSA-6JCC-XGCR-Q3H4 @fedify/fedify has Improper Authentication and Incorrect Authorization

Summary An authentication bypass vulnerability allows any unauthenticated attacker to impersonate any ActivityPub actor by sending forged activities signed with their own keys. Activities are processed before verifying the signing key belongs to the claimed actor, enabling complete actor...

8.7CVSS7.1AI score0.00707EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.8 views

PT-2025-32420

Name of the Vulnerable Software and Affected Versions Fedify versions prior to 1.3.20 Fedify versions 1.4.0-dev.585 through 1.4.12 Fedify versions 1.5.0-dev.636 through 1.5.4 Fedify versions 1.6.0-dev.754 through 1.6.7 Fedify versions 1.7.0-pr.251.885 through 1.7.8 Fedify versions 1.8.0-dev.909...

8.7CVSS5.4AI score0.00707EPSS
Exploits0References14
Talos Blog
Talos Blog
added 2022/10/18 12:0 p.m.18 views

The benefits of taking an intent-based approach to detecting Business Email Compromise

By Abhishek Singh. BEC is a multi-stage attack. Adversaries first identify targets, then they establish rapport with the victim before exploiting them for whatever their end goal is. In the case of BEC, a threat actor can impersonate any employee in the organization to trick targets. A policy tha...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2019/11/14 2:0 p.m.84 views

Threat Actor Impersonates USPS to Deliver Backdoor Malware

A new threat actor has been found impersonating the U.S. Postal Service USPS and other government agencies to deliver and install backdoor malware to various organizations in Germany, Italy and the United States, according to new research. The campaigns, which researchers from cybersecurity firm...

Exploits0References5
Rows per page
Query Builder