Lucene search
K

259 matches found

Veracode
Veracode
added 2025/07/14 5:25 a.m.4 views

Cache Deception

better-call is vulnerable to cache deception. The vulnerability is due to insufficient path sanitization during request processing, which allows an attacker to craft deceptive URLs that mimic static assets and bypass CDN cache exclusion rules...

7AI score
Exploits0
NVD
NVD
added 2025/07/10 8:15 p.m.29 views

CVE-2025-7021

Fullscreen API Spoofing and UI Redressing in the handling of Fullscreen API and UI rendering in OpenAI Operator SaaS on Web allows a remote attacker to capture sensitive user input e.g., login credentials, email addresses via displaying a deceptive fullscreen interface with overlaid fake browser...

6.9CVSS0.00299EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/07/10 12:0 a.m.4 views

OpenAI Operator 安全漏洞

OpenAI Operator is an AI agent for individual OpenAI developers in the United States. OpenAI Operator suffers from a security vulnerability that stems from mishandling of the full-screen API and UI rendering, which could lead to a remote attacker capturing sensitive user input via a deceptive...

6.9CVSS6.7AI score0.00299EPSS
Exploits1References2
OSV
OSV
added 2025/06/12 3:15 p.m.3 views

CVE-2025-49192

The web application is vulnerable to clickjacking attacks. The site can be embedded into another frame, allowing an attacker to trick a user into clicking on something different from what the user perceives. This could potentially reveal confidential information or allow others to take control of...

6.1CVSS5.7AI score0.00274EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2025/06/03 3:0 p.m.27 views

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations DTI team said it identified "malicious multi-stag...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2025/05/29 10:0 a.m.15 views

Cybercriminals camouflaging threats as AI tool installers

Cisco Talos has discovered new threats, including the ransomware CyberLock, LuckyGh0$t, and a newly-discovered malware we call "Numero," all of which masquerade as legitimate AI tool installers. CyberLock ransomware, developed using PowerShell, primarily focuses on encrypting specific files on th...

7.4AI score
Exploits0
Trellix
Trellix
added 2025/05/28 12:0 a.m.29 views

A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment

A Flyby on the CFO's Inbox: Spear-Phishing Campaign Targeting Financial Executives with NetBird Deployment By Trellix · May 28, 2025 This blog was written by Srini Seethapathy Trellix wants to acknowledge thequick response from NetBird following our initial findings. NetBird acted immediately to...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2025/05/01 12:0 a.m.16 views

HoneyWin: High-Interaction Windows Honeypot in Enterprise Environment

Windows operating systems OS are ubiquitous in enterprise Information Technology IT and operational technology OT environments. Due to their widespread adoption and known vulnerabilities, they are often the primary targets of malware and ransomware attacks. With 93% of the ransomware targeting...

7.4AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/21 3:13 p.m.21 views

SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks

A new Android malware-as-a-service MaaS platform named SuperCard X can facilitate near-field communication NFC relay attacks, enabling cybercriminals to conduct fraudulent cashouts. The active campaign is targeting customers of banking institutions and card issuers in Italy with an aim to...

6.8AI score
Exploits0
Securelist
Securelist
added 2025/04/21 8:0 a.m.21 views

Phishing attacks leveraging HTML code inside SVG files

With each passing year, phishing attacks feature more and more elaborate techniques designed to trick users and evade security measures. Attackers employ deceptive URL redirection tactics, such as appending malicious website addresses to seemingly safe links, embed links in PDFs, and send HTML...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/04/11 8:13 a.m.24 views

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/03/10 2:25 p.m.15 views

Fake CAPTCHA websites hijack your clipboard to install information stealers

There are more and more sites that use a clipboard hijacker and instruct victims on how to infect their own machine. I realize that may sound like something trivial to steer clear from, but apparently it’s not because the social engineering behind it is pretty sophisticated. At first, these attac...

6.7AI score
Exploits0
OSV
OSV
added 2025/03/04 2:15 p.m.7 views

UBUNTU-CVE-2025-1939

Android apps can load web pages using the Custom Tabs feature. This feature supports a transition animation that could have been used to trick a user into granting sensitive permissions by hiding what the user was actually clicking. This vulnerability affects Firefox 136...

3.9CVSS5.8AI score0.00175EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2025/02/12 2:27 p.m.10 views

CVE-2025-1244

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect...

8.8CVSS8.3AI score0.0256EPSS
Exploits0
OSV
OSV
added 2025/01/15 6:15 p.m.13 views

UBUNTU-CVE-2024-52005

Git is a source code management tool. When cloning from a server or fetching, or pushing, informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the...

8.8CVSS7.2AI score0.00494EPSS
Exploits1References5
Imperva Blog
Imperva Blog
added 2024/10/31 1:0 p.m.7 views

Cyber Threats in Costume: When Attacks Hide Behind a Mask

Introduction As Halloween approaches, the idea of costumes and disguises takes center stage, but the spirit of deception isn’t limited to one night. In the digital world, cyberattacks can also wear masks, concealing their true intentions to slip past defenses. Just as a costume can obscure who’s...

7.5AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/30 1:0 p.m.17 views

Malvertising Campaign Hijacks Facebook Accounts to Spread SYS01stealer Malware

Cybersecurity researchers have uncovered an ongoing malvertising campaign that abuses Meta's advertising platform and hijacked Facebook accounts to distribute an information stealer known as SYS01stealer. "The hackers behind the campaign use trusted brands to expand their reach," Bitdefender Labs...

7.3AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/23 9:54 a.m.22 views

Researchers Reveal 'Deceptive Delight' Method to Jailbreak AI Models

Cybersecurity researchers have shed light on a new adversarial technique that could be used to jailbreak large language models LLMs during the course of an interactive conversation by sneaking in an undesirable instruction between benign ones. The approach has been codenamed Deceptive Delight by...

7.1AI score
Exploits0
Qualys Blog
Qualys Blog
added 2024/10/21 4:49 a.m.36 views

Unmasking Lumma Stealer: Analyzing Deceptive Tactics with Fake CAPTCHA

Summary Lumma Stealer is an information-stealing malware available through a Malware-as-a-Service MaaS. It specializes in stealing sensitive data such as passwords, browser information, and cryptocurrency wallet details. The attacker has advanced its tactics, moving from traditional phishing to...

7.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/15 3:47 p.m.14 views

TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns

New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant...

7.3AI score
Exploits0
Rows per page
Query Builder