10 matches found

The Hacker News
added 2026/04/23 6:16 p.m., 14 views

UNC6692 Impersonates IT Help Desk via Microsoft Teams to Deploy SNOW Malware

A previously undocumented threat activity cluster known as UNC6692 has been observed leveraging social engineering tactics via Microsoft Teams to deploy a custom malware suite on compromised hosts. "As with many other intrusions in recent years, UNC6692 relied heavily on impersonating IT help des...

AI score: 6.3
Exploits: 0
Rapid7 Blog
added 2025/06/10 3:0 p.m., 15 views

BlackSuit Continues Social Engineering Attacks in Wake of Black Basta’s Internal Conflict

Executive Summary There has been a significant decrease in social engineering attacks linked to the Black Basta ransomware group since late December 2024. This lapse also included the leaked Black Basta chat logs in February 2025, indicating internal conflict within the group. Despite this, Rapid...

AI score: 8.5
Exploits: 0
The Hacker News
added 2024/08/14 5:13 p.m., 23 views

Black Basta-Linked Attackers Target Users with SystemBC Malware

An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remain...

AI score: 6.7
Exploits: 0
Krebs on Security
added 2023/04/18 8:59 p.m., 17 views

Giving a Face to the Malware Proxy Service ‘Faceless’

For the past seven years, a malware-based proxy service known as "Faceless" has sold anonymity to countless cybercriminals. For less than a dollar per day, Faceless customers can route their malicious traffic through tens of thousands of compromised systems advertised on the service. In this post...

AI score: 6.8
Exploits: 0
Hacker One
added 2019/07/12 2:49 a.m., 23 views

Trellix: Vulnerability Report: NO RATE LIMIT Password RESET

A vulnerability was found where there was no limit to the number of password reset requests that could be sent to a user. This could allow an attacker who obtained a user's session to send an unlimited number of OTPs to the user, potentially leading to denial of service...

AI score: 7.1
Exploits: 0
Packet Storm
added 2018/01/06 12:0 a.m., 61 views

CommuniGatePro 6.2 Missing XIMSS Tag Validation

Exploit Title: CommuniGatePro 6.2 - Missing XIMSS tags validation Date: 02/01/2018 Exploit Author: Boumediene KADDOUR Unit: Algerie Telecom R&D Unit Vendor Homepage: https://www.stalker.com/ Software Link: http://www.stalker.com/ paid product Version: 6.2.x tags by tags and vice versa, ending up...

AI score: 6.1, EPSS: 0.0089
Exploits: 2
Hacker One
added 2017/12/12 8:57 p.m., 21 views

X (Formerly Twitter): No Rate Limit in email leads to huge Mass mailings

Hi Team, I have found a logical flaw NOT DoS in the website 'https://app.mopub.com/' 1. Use Burp Suite and capture below request upon navigation to Code integration 2. Click on Send button after entering email address in the input field of 'Enter one or more email addresses and we'll send you links ...

AI score: 6.7
Exploits: 0
Hacker One
added 2017/04/26 4:30 p.m., 19 views

ownCloud: password reset email spamming

Description: The email API https://yoursite/index.php/login?user=admin to reset password is unlimited and can be used as an email bomb vuln address: https://yoursite/index.php/lostpassword/email Reproduce steps: use demo.owncloud.org as example 1. https://demo.owncloud.org/index.php/login has a defau...

AI score: 7.2
Exploits: 0
Hacker One
added 2017/04/21 3:43 a.m., 21 views

Nextcloud: The email API to test email-server settings is unlimited and can be used as a email bomb

Description: The email-server settings test function in https://demo.nextcloud.com/xxx/settings/admin/additional is unlimited and can be used as an email bomb. And the test email API is https://demo.nextcloud.com/xxx/settings/admin/mailtest Reproduce steps: 1. Go to...

AI score: 7
Exploits: 0
Hacker One
added 2017/04/19 7:58 a.m., 30 views

Nextcloud: The email API to reset password is unlimited and can be used as a email bomb

Description: The email API https://demo.nextcloud.com/qazxsw/lostpassword/email to reset password is unlimited and can be used as an email bomb Reproduce steps: 1. Every Instant trial's link is https://demo.nextcloud.com/yourname, and it always has a default user admin 2. then I try to visit one...

AI score: 7.2
Exploits: 0