153 matches found
AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23549)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
CVE-2025-59760
Summary: CVE-2025-59760 is an XSS vulnerability in AndSoft e-TMS v25.03. The issue is reflected XSS arising from insufficient filtering/escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, SuppConn in the file /clt/LOGINFRM_DHL.ASP. An attacker can supply a malicious UR...
AndSoft e-TMS Cross-Site Scripting Vulnerability
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the parameters l, demo, demo2, TNTLOGIN, UO, and SuppConn in the file...
New iMessage Phishing Campaign Targets Postal Service Users Globally
By Waqas. Some of the known targets of this iMessage phishing campaign are USPS (the United States Postal Service), DHL, Evri, Australia Post, Bulgarian Posts, and Singapore Post. This is a post from HackRead.com. Read the original post: New iMessage Phishing Campaign Targets Postal Service Users...
RedZei Chinese Scammers Targeting Chinese Students in the U.K.
Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei aka RedThief. "The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe...
Shipment-Delivery Scams Become the Favored Way to Spread Malware
Threat actors are increasingly using scams that spoof package couriers like DHL or the U.S. Postal Service in authentic-looking phishing emails that attempt to dupe victims into downloading credential-stealing or other malicious payloads, researchers have found. Researchers from Avanan, a Check...
dhl-ess.com Improper Access Control vulnerability OBB-2298588
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Buer Malware Tool Rewritten in E-Z Rust Language
A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks.
A Rust-based Buer Malware Variant Has Been Spotted in the Wild
Cybersecurity researchers on Monday disclosed a new malspam campaign distributing a fresh variant of a malware loader called "Buer" written in Rust, illustrating how adversaries are constantly honing their malware toolsets to evade analysis. Dubbed "RustyBuer," the malware is propagated via email...
Watch out! Android Flubot spyware is spreading fast
Using a proven method of text messages about missed deliveries, an old player on the Android malware stage has returned for an encore. This time it seems to be very active, especially in the UK where Android users are being targeted by text messages containing a link to a particularly nasty piece...
Flubot Spyware Spreading Through Android Devices
Android mobile phone users across the U.K. and Europe are being targeted by text messages containing a particularly nasty piece of spyware called “Flubot,” according to the U.K.’s National Cyber Security Centre. And the U.S. could be the next target. Victims are asked to download a fake app from ...
10K Microsoft Email Users Hit in FedEx Phishing Attack
Researchers are warning of recent phishing attacks targeting at least 10,000 Microsoft email users, pretending to be from popular mail couriers – including FedEx and DHL Express. Both scams have targeted Microsoft email users and aim to swipe their work email account credentials...
Phishing Campaign Leverages WOFF Obfuscation and Telegram Channels for Communication
FireEye Email Security recently encountered various phishing campaigns, mostly in the Americas and Europe, using source code obfuscation with compromised or bad domains. These domains were masquerading as authentic websites and stole personal information such as credit card data. The stolen...
Microsoft is the Most-Imitated Brand for Phishing Emails
Microsoft is top of the heap when it comes to hacker impersonations – with Microsoft products and services featuring in nearly a fifth of all global brand phishing attacks in the third quarter of this year. That’s according to Check Point, which found that the computing giant leapt from fifth pla...
Malspam campaign caught using GuLoader after service relaunch
They say any publicity is good publicity. But perhaps this isn't true for CloudEye, an Italian firm that claims to provide "the next generation of Windows executables protection". First described by Proofpoint security researchers in March 2020, GuLoader is a downloader used by threat actors to...
lot.dhl.com Cross Site Scripting vulnerability OBB-1224532
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
German Police Seek Help In Finding Parcel Bomber With MAC Address
German police are seeking your help in gathering information related to a MAC address that could lead to the cell phone device used by a DHL blackmailer who last year parceled out bombs at different addresses in Brandenburg and Berlin. Between November 2017 and April 2018, someone used German...
webtrack.dhlglobalmail.com XSS vulnerability
Open Bug Bounty ID: OBB-689947. Affected Website: webtrack.dhlglobalmail.com. Vulnerable Application: hidden until disclosure. Vulnerability Type: XSS (Cross Site Scripting) / CWE-79. CVSSv3...
Threat Outbreak Alert RuleID33419: Email Messages Distributing Malicious Software on August 13, 2018
Medium. Alert ID: 58687. First Published: 2018 August 14 16:44 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID33419) may contain the following files: Name |...
Threat Outbreak Alert RuleID33418: Email Messages Distributing Malicious Software on August 13, 2018
Medium. Alert ID: 58688. First Published: 2018 August 14 16:44 GMT. Version: 1. Summary: Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID33418) may contain the following files: Name |...