“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

CVE-2026-41426 pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates

pretalx is a conference planning tool. Prior to 2026.1.0, an unauthenticated attacker can send arbitrary HTML-rendered emails from a pretalx instance's configured sender address by embedding malformed HTML or markdown link syntax in a user-controlled template placeholder such as the account displ...

The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines

By Diana Brown Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. These emails are transmitted using the legitimate mail delivery infrastructure associated with GitHub and Jira...

CVE-2026-4208 Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email)

The extension fails to properly reset the generated MFA code after successful authentication. This leads to a possible MFA bypass for future login attempts by providing an empty string as MFA code to the extensions MFA provider...

CVE-2025-13587

CVE-2025-13587 affects the WordPress plugin “Two Factor (2FA) Authentication via Email” up to version 1.9.8. The root cause is that SS88_2FAVE::wp_login() only enforces 2FA when the 'token' parameter is undefined; providing any value (including empty) for token during login bypasses 2FA. The acco...

PT-2026-20601

Name of the Vulnerable Software and Affected Versions Two Factor 2FA Authentication via Email plugin for WordPress versions up to and including 1.9.8 Description The Two Factor 2FA Authentication via Email plugin for WordPress is susceptible to a bypass of the two-factor authentication mechanism...

CVE-2026-22594 Ghost has Staff 2FA bypass

Ghost is a Node.js content management system. In versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, a vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. This issue has been patched in versions 5.130.6 and 6.11.0...

Ghost 授权问题漏洞

Ghost is a hosting service of Ghost Open Source. An authorization issue vulnerability exists in Ghost versions 5.105.0 through 5.130.5 and 6.0.0 through 6.10.3, which stems from a flaw in Ghost's two-factor authentication mechanism that could cause a staff user to skip two-factor authentication f...

Ghost has Staff 2FA bypass

Impact A vulnerability in Ghost's 2FA mechanism allows staff users to skip email 2FA. Vulnerable versions This vulnerability is present in Ghost v5.105.0 to v5.130.5 to and Ghost v6.0.0 to v6.10.3. Patches v5.130.6 and v6.11.0 contain a fix for this issue. References Ghost thanks Sho Odagiri of G...

Vulnerabilities fixed in Mattermost

Mattermost has fixed vulnerabilities in versions 11.0.x through 11.0.3, 10.12.x through 10.12.1, 10.11.x through 10.11.4 and 10.5.x through 10.5.12. The vulnerabilities allow an authenticated attacker to take over an account via a carefully crafted email address during the authentication process...

Drupal Email TFA allows Functionality Bypass

Authentication Bypass Using an Alternate Path or Channel vulnerability in Drupal Email TFA allows Functionality Bypass. This issue affects Email TFA: from 0.0.0 before 2.0.6...

Drupal Email TFA 安全漏洞

Drupal Email TFA is a Drupal community module that provides email-based two-factor authentication functionality for Drupal. A security vulnerability exists in Drupal Email TFA versions prior to 2.0.6 that stems from bypassing authentication using an alternate path or channel, which could lead to...

PT-2025-45105

Name of the Vulnerable Software and Affected Versions MDaemon Mail Server version 23.5.2 Description MDaemon Mail Server version 23.5.2 validates Sender Policy Framework SPF, DomainKeys Identified Mail DKIM, and Domain-based Message Authentication, Reporting & Conformance DMARC using the email...

Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation

Overview Email message header syntax can be exploited to bypass authentication protocols such as SPF, DKIM, and DMARC. These exploits enable attackers to deliver spoofed emails that appear to originate from trusted sources. Recent research has explored using the originator fields, such as From: a...

EUVD-2020-4585

Malware in sbrugna...

EUVD-2020-26937

Malware in sbrugna...

EUVD-2025-21703

Malicious code in bioql PyPI...

CVE-2025-3871 Broken Access Control Leads to Limited Denial of Service in GoAnywhere MFT 7.8.0 and earlier

Broken access control in Fortra's GoAnywhere MFT prior to 7.8.1 allows an attacker to create a denial of service situation when configured to use GoAnywhere One-Time Password GOTP email two-factor authentication 2FA and the user has not set an email address. In this scenario, the attacker may ent...

CVE-2023-46388

LOYTEC electronics GmbH LINX-212 and LINX-151 devices all versions are vulnerable to Insecure Permissions via dpalconfig.zml file. This vulnerability allows remote attackers to disclose smtp client account credentials and bypass email authentication...

CVE-2025-47781 Rallly Insufficient Password Login Token Entropy Leads to Account Takeover

Rallly is an open-source scheduling and collaboration tool. Versions up to and including 3.22.1 of the application features token based authentication. When a user attempts to login to the application, they insert their email and a 6 digit code is sent to their email address to complete the...