Scammers Sent 40,000 E-Signature Phishing Emails to 6,000 Firms in Just 2 Weeks

Phishing campaign: Scammers sent over 40,000 spoofed SharePoint, DocuSign and e-sign emails to companies, hiding malicious links behind trusted redirect services...

Astaroth Banking Trojan Abuses GitHub to Remain Operational After Takedowns

Cybersecurity researchers are calling attention to a new campaign that delivers the Astaroth banking trojan that employs GitHub as a backbone for its operations to stay resilient in the face of infrastructure takedowns. "Instead of relying solely on traditional command-and-control C2 servers that...

EUVD-2020-6019

Malware in sbrugna...

EUVD-2024-46110

Malicious code in bioql PyPI...

EUVD-2024-46117

Malicious code in bioql PyPI...

EUVD-2023-39805

Malicious code in bioql PyPI...

docusign-jsx (=1.0.0), word-replace-contabil (>=1.0.1 <=1.0.9) potentially affected by unknown CVE via word2pdf (=0.0.1-security)

word2pdf NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on word2pdf and may be impacted: - docusign-jsx =1.0.0 - word-replace-contabil =1.0.1, =1.0.9 Source cves: unknown CVE Source advisory: OSV:MAL-2025-39417...

Fake DocuSign email hides tricky phishing attempt

On my daily rounds, I encountered a phishing attempt that used a not completely unusual, yet clever delivery method. What began as a seemingly routine DocuSign notification turned into a multi-layered deception involving Webflow, a shady redirect, and a legitimate Google login page. Webflow is a...

CVE-2024-52276

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which...

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

CVE-2024-52269

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04...

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

CVE-2020-13804

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It allows information disclosure of a hardcoded username and password in the DocuSign plugin...

PayPal scam abuses Docusign API to spread phishy emails

PayPal scammers are using an old Docusign trick to enhance the trustworthiness of their phishing emails. We've received several reports of this recently, so we dug into how the scam works. The Docusign Application Programming Interface API allows “customers” to send emails that come from genuine...

New Mobile Phishing Targets Executives with Fake DocuSign Links

Cybercriminals are using advanced techniques to target executives with mobile-specific phishing attacks...

VulnCheck KEV: CVE-2024-52276

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which...

VulnCheck KEV: CVE-2024-52269

User Interface UI Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04...

PT-2024-35146 · Docusign · Docusign

Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04 Description: The issue is related to a User Interface UI Misrepresentation of Critical Information vulnerability, which allows Content Spoofing. This means that the displayed version of a document does not...

Docusign API 安全漏洞

The Docusign API is a secure and scalable API from Docusign. A security vulnerability exists in the Docusign API that stems from misrepresentation of critical information in the user interface leading to content spoofing...

Docusign API 安全漏洞

The Docusign API is a secure and extensible API from Docusign, Inc. A security vulnerability exists in the Docusign API that stems from misrepresentation of critical information in the user interface leading to content spoofing...