Phishing campaign abuses Google Cloud services to steal Microsoft 365 logins

Attackers are sending very convincing fake “Google” emails that slip past spam filters, route victims through several trusted Google-owned services, and ultimately lead to a look-alike Microsoft 365 sign-in page designed to harvest usernames and passwords. Researchers found that cybercriminals us...

Improper Access Control

studiomitte/friendlycaptcha is vulnerable to Improper Access Control. The vulnerability is due to the extension failing to check the captcha field requirement in submitted form data, which lets an attacker bypass the captcha check...

CVE-2023-41100

An issue was discovered in the hcaptcha aka hCaptcha for EXT:form extension before 2.1.2 for TYPO3. It fails to check that the required captcha field is submitted in the form data. allowing a remote user to bypass the CAPTCHA check...

HackerOne: Denial of service in report view.

Hello Team! First of all thank you for acknowledging my feature request, I know it will help a lot of users. Description: ========== I just wanted to report a potential vulnerability on the report view functionality. For obvious reasons I'm using my sandboxed team on an alternate account to test...