Investigating targeted “payroll pirate” attacks affecting US universities

Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Improper Access Control vulnerability in Apache Commons

Summary Apache Commons BeanUtils: PropertyUtilsBean Does Not Suppresses An Enum's DeclaredClass Property By Default. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization - Publishing...

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, $2B Crypto Heist, Apple Siri Probe & More

Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms to connected devices, every system that enhances convenience also expands the attack surface...

Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing - Uncontrolled Recursion vulnerability in Apache Commons Lang

Summary Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass... Can Throw A StackOverflowError On Very Long Inputs. Following IBM® Engineering Lifecycle Management product is vulnerable to this attack, it has been addressed in this bulletin: IBM Engineering Lifecycle Optimization -...

“Can you test my game?” Fake itch.io pages spread hidden malware to gamers

You get a message from a Discord friend. Or maybe an unknown indie developer reaches out to you. “Can you test my game?” they ask. The webpage they send over a link to looks legit: screenshots, dev blurb, itch.io-style layout, and the download button is right there, waiting to be clicked. The...

MAL-2025-48350 Malicious code in @global-engineering-shared/gweb-material-global (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 2ba104b6627fe8df8bd293bf059d78a48888e55fb0e74a51fad7270cfa21a15d Any computer that has this package installed or running should be considered...

Security Bulletin: IBM Engineering Lifecycle Management - Jazz Foundation is impacted by vulnerabilities in Apache Commons Compress

Summary Vulnerabilities have been identified in Apache Commons Compress, which is used in IBM Engineering Lifecycle Management - Jazz Foundation. Vulnerability Details CVEID:CVE-2024-25710 DESCRIPTION: Loop with Unreachable Exit Condition 'Infinite Loop' vulnerability in Apache Commons...

EUVD-2020-26789

Malware in sbrugna...

EUVD-2017-1808

Malware in sbrugna...

EUVD-2020-27005

Malware in sbrugna...

EUVD-2015-7410

Malware in sbrugna...

EUVD-2021-24846

Malware in sbrugna...

EUVD-2015-7408

Malware in sbrugna...

EUVD-2020-10675

Malware in sbrugna...

EUVD-2013-1202

Malware in sbrugna...

EUVD-2018-9795

Malware in sbrugna...

EUVD-2017-14690

Malware in sbrugna...

EUVD-2016-6075

Malware in sbrugna...

EUVD-2017-11847

Malware in sbrugna...

EUVD-2018-12495

Malware in sbrugna...