Storm-2561 Spreads Trojan VPN Clients via SEO Poisoning to Steal Credentials

Microsoft has disclosed details of a credential theft campaign that employs fake virtual private network VPN clients distributed through search engine optimization SEO poisoning techniques. "The campaign redirects users searching for legitimate enterprise software to malicious ZIP files on...

Beware of fake OpenClaw installers, even if Bing points you to GitHub

Attackers are abusing OpenClaw’s popularity by seeding fake “installers” on GitHub, boosted by Bing AI search results, to deliver infostealers and proxy malware instead of the AI assistant users were looking for. OpenClaw is an open‑source, self‑hosted AI agent that runs locally on your machine...

Black Cat Behind SEO Poisoning Malware Campaign Targeting Popular Software Searches

A cybercrime gang known as Black Cat has been attributed to a search engine optimization SEO poisoning campaign that employs fraudulent sites advertising popular software to trick users into downloading a backdoor capable of stealing sensitive data. According to a report published by the National...

EUVD-2020-12206

Malware in sbrugna...

EUVD-2021-20430

Malware in sbrugna...

EUVD-2024-45492

Malicious code in bioql PyPI...

Server-Side Request Forgery (SSRF)

Overview mcp-markdownify-server is a Model Context Protocol MCP server that converts various file types and web content to Markdown format. It provides a set of tools to transform PDFs, images, audio files, web pages, and more into easily readable and shareable Markdown text. Affected versions of...

CVE-2020-1329

A spoofing vulnerability exists when Microsoft Bing Search for Android improperly handles specific HTML content, aka 'Microsoft Bing Search Spoofing Vulnerability'...

The vulnerability of Microsoft Bing’s search system, related to the lack of authentication for a critical function, allows a perpetrator to execute arbitrary code.

The vulnerability of Microsoft Bing’s search system is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVE-2024-51692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through = 0.3.3...

CVE-2024-51692

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through = 0.3.3...

CVE-2024-51692 WordPress Bing Search API Integration plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through = 0.3.3...

CVE-2024-51692

CVE-2024-51692 (Bing Search API Integration, WordPress) is a reflected XSS vulnerability in the Bing Search API Integration plugin (Askew Brook) that could allow an attacker to inject and execute script during page generation. It affects the plugin version range from earlier releases up to 0.3.3....

CVE-2024-51692 WordPress Bing Search API Integration plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in askewbrook Bing Search API Integration abbs-bing-search allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through = 0.3.3...

WordPress plugin Bing Search API Integration 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...

Crooks bank on Microsoft&#8217;s search engine to phish customers

We identified a new wave of phishing for banking credentials that targets consumers via Microsoft's search engine. A Bing search query for 'Keybank login' currently returns malicious links on the first page, and sometimes as the top search result. We have reported the fraudulent sites to Microsof...

WordPress Bing Search API Integration plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro Soares de Alcântara - Kinorth Patchstack Alliance in WordPress Plugin Bing Search API Integration versions = 0.3.3...

WordPress Bing Search API Integration Plugin <= 0.3.3 is vulnerable to Cross Site Scripting (XSS)

Software Bing Search API Integration Type Plugin Vulnerable versions = 0.3.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-51692 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 61326e410f4b Credits João Pedro S Alcântara...

Malware Campaign Lures Users With Fake W2 Form

The following analysts contributed to the research: Evan McCann, Matt Smith, Ipek Solak, Jake McMahon Rapid7 has recently observed an campaign targeting users searching for W2 forms using the Microsoft search engine Bing. Users are subsequently directed to a fake IRS website, enticing them to...

The vulnerability of Microsoft Bing Search’s search engine on the iOS operating system allows attackers to carry out spoofing attacks.

The vulnerability of Microsoft Bing Search’s search engine on the iOS operating system is related to a violation of data protection mechanisms. Exploiting this vulnerability allows an attacker to perform spear-phishing attacks remotely...