9 matches found
BIT-DISCOURSE-2026-26077 Discourse doesn't ensure webhooks require a token
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, several webhook endpoints SendGrid, Mailjet, Mandrill, Postmark, SparkPost in the WebhooksController accepted requests without a valid authentication token when no token was configured. This...
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
A malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management CRM tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims' digital wallets. "Recipients of the bulk sp...
Malicious Attachments Remain a Cybercriminal Threat Vector Favorite
While attachment threat vectors are one of the oldest malware-spreading tricks in the books, email users are still clicking on malicious attachments that hit their inbox, whether it’s a purported “job offer” or a pretend “critical invoice.” The reason why threat actors are still relying on this...
New iPhone Zero-Day Discovered
Last year, ZecOps discovered two iPhone zero-day exploits. They will be patched in the next iOS release: Avraham declined to disclose many details about who the targets were, and did not say whether they lost any data as a result of the attacks, but said "we were a bit surprised about who was...
Facebook Caught Asking Some Users Passwords for Their Email Accounts
Facebook has been caught practicing the worst ever user-verification mechanism that could put the security of its users at risk. Generally, social media or any other online service asks users to confirm a secret code or a unique URL sent to the email address they provided for the account...
Data exfiltration techniques
Data exfiltration is the last stage of the kill chain in a generally targeted attack on an organisation. Whilst many excellent papers and tools are available for various techniques this is our attempt to pull all these together. This could also be used as a crib sheet for fellow pen testers who a...
All Email Providers - GPL license, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application All Email Providers published at the 'play' market has multiple vulnerabilities...
All Emails Providers MoboSpace - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application All Emails Providers MoboSpace published at the 'play' market has multiple vulnerabilities...
EMUMAIL5.x.txt
1EMUMAIL 5.x parameter validation vulnerability. --------------------------- Summary -------- Parameter validation bugs exist in 2 of the most popular Greek Free e-mail providers. The problem also there is on many other servers worldwide.The affected software is EMUMAIL 5.x used by Mail.gr and th...