54 matches found
CVE-2026-7167
The CVE-2026-7167 entry concerns the Assassin game by Gaudire. It identifies a flaw in the authentication flow where the system improperly validates the 'email' field, allowing unverified or fake email addresses to be used to create accounts. The underlying cause is insufficient validation during...
CVE-2025-65925
An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...
CVE-2025-65925
An issue was discovered in Zeroheight SaaS prior to 2025-06-13. A legacy user creation API pathway allowed accounts to be created without completing the intended email verification step. While unverified accounts could not access product functionality, the behavior bypassed intended verification...
Zeroheight 安全漏洞
Zeroheight is a design system management platform from Zeroheight UK. A security vulnerability exists in versions of Zeroheight prior to 2025-06-13, which stems from a legacy user creation API that allows bypassing the email validation step to create an account, potentially leading to spam or fak...
EUVD-2025-37032
mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...
CVE-2025-61118
mCarFix Motorists App version 2.3 package name com.skytop.mcarfix, developed by Paniel Mwaura, contains improper access control vulnerabilities. Attackers may bypass verification to arbitrarily register accounts, and by tampering with sequential numeric IDs, gain unauthorized access to user data...
Inside Microsoft Threat Intelligence: Calm in the chaos
Leading Through the Worst Day Incident response is never orderly. Threat actors don’t wait. Environments are compromised. Data is missing. Confidence is shaken. But for Microsoft’s Incident Response IR team, that chaos is exactly where the work begins. In Episode 1, we showed how Microsoft Threat...
CVE-2025-54573
CVAT is an open source interactive video and image annotation tool for computer vision. In versions 1.1.0 through 2.41.0, email verification was not enforced when using Basic HTTP Authentication. As a result, users could create accounts using fake email addresses and use the product as verified...
CVAT.ai CVAT 授权问题漏洞
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. An authorization issue vulnerability exists in CVAT.ai CVAT versions 1.1.0 to 2.41.0, which stems from not enforcing email validation, and could lead to account creation and bot registration using a fake email address...
Hackers Use GitHub Repositories to Host Amadey Malware and Data Stealers, Bypassing Filters
Threat actors are leveraging public GitHub repositories to host malicious payloads and distribute them via Amadey as part of a campaign observed in April 2025. "The MaaS malware-as-a-service operators used fake GitHub accounts to host payloads, tools, and Amadey plug-ins, likely as an attempt to...
Iranian Blackout Affected Misinformation Campaigns
Dozens of accounts on X that promoted Scottish independence went dark during an internet blackout in Iran. Well, that's one way to identify fake accounts and misinformation campaigns...
Meta Disrupts Influence Ops Targeting Romania, Azerbaijan, and Taiwan with Fake Personas
Meta on Thursday revealed that it disrupted three covert influence operations originating from Iran, China, and Romania during the first quarter of 2025. "We detected and removed these campaigns before they were able to build authentic audiences on our apps," the social media giant said in its...
LinkedIn bots and spear phishers target job seekers
Microsoft's social network for professionals, LinkedIn, is an important platform for job recruiters and seekers alike. It's also a place where criminals go to find new potential victims. Like other social media platforms, LinkedIn is no stranger to bots attracted to special keywords and hashtags...
Internet Computer Protocol Launches Walletless Verified Credentials for Public Trust
Internet Computer Protocol ICP introduces Verified Credentials VCs, a walletless solution enhancing data sharing privacy. Unveiled at DICE 2024, VCs help combat bots and fake accounts on social media, ensuring secure and efficient verification...
Financial sextortion scams on the rise
“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charli...
Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts
By Deeba Ahmed The internet's underbelly is thriving on stolen identities and fake accounts, fueling mass phishing campaigns, identity theft rings, and DDoS attacks. This is a post from HackRead.com Read the original post: Microsoft Busts Black Market for 100s of Millions of Fraudulent Accounts...
2023 OWASP Top-10 Series: API6:2023 Unrestricted Access to Sensitive Business Flows
Welcome to the 7th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API6:2023 Unrestricted Access to Sensitive Business Flows. In this series we are taking an in-depth look at each category – the...
Warning: Fake GitHub Repos Delivering Malware as PoCs
By Waqas According to researchers, these fake accounts on GitHub and Twitter are spreading malware that infects both Windows- and Linux-based systems. This is a post from HackRead.com Read the original post: Warning: Fake GitHub Repos Delivering Malware as PoCs...
LinkedIn Verification Now Lets You Verify Your Job and Account
To beat back fake accounts, the professional social network is rolling out new tools to prove you work where you say you do and are who you say you are...
"Untraceable" surveillance firm sued for scraping Facebook and Instagram data
Days after Meta achieved victory after suing the NSO Group for Computer Fraud and Abuse Act charges, Meta filed a lawsuit against surveillance company Voyager Labs for violations of its Terms and Policies and California law. According to court documents, Voyager Labs created 38,000 fake accounts ...