94 matches found
WordPress Subscriptions & Memberships for PayPal plugin <= 1.1.7 - Unauthenticated Fake Payment Creation vulnerability
Unauthenticated Fake Payment Creation vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Subscriptions & Memberships for PayPal versions = 1.1.7...
Phantom Stealer Spread by ISO Phishing Emails Hitting Russian Finance Sector
Cybersecurity researchers have disclosed details of an active phishing campaign that's targeting a wide range of sectors in Russia with phishing emails that deliver Phantom Stealer via malicious ISO optical disc images. The activity, codenamed Operation MoneyMount-ISO by Seqrite Labs, has primari...
MAL-2024-1603 Malicious code in icon-reactjs (npm)
This package is considered malicious because it contains code to spam Telegram channels and Whatsapp channels with fake payment confirmations...
How Cybercriminals are Exploiting India's UPI for Money Laundering Operations
Cybercriminals are using a network of hired money mules in India using an Android-based application to orchestrate a massive money laundering scheme. The malicious application, called XHelper, is a "key tool for onboarding and managing these money mules," CloudSEK researchers Sparsh Kulshrestha,...
Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!
An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known ...
Man scammed IRL for a phone he sold online
If youre looking to sell an item which youve advertised online, be on your guard. Even when everything looks to be working as it should, things can go wrong very quickly as one unfortunate IT graduate recently discovered. You would think that theres no way the in-person sale of an expensive devic...
Obscure Email Vulnerability allow anyone to signup with target email id without proper verification and Allowing malicious domain on username input field leads to business logic error by victim response fetching via email and force a user to download any file hacker want on behalf of [email protected].
Description This vulnerability is a result of an interaction between two different ways of handling e-mail addresses. Gmail ignores dots in addresses, so [email protected] is the same as [email protected] is the same as [email protected]. with this vulnerability attacker ca...
Attackers use Morse code, other encryption methods in evasive phishing campaign
Cybercriminals attempt to change tactics as fast as security and protection technologies do. During our year-long investigation of a targeted, invoice-themed XLS.HTML phishing campaign, attackers changed obfuscation and encryption mechanisms every 37 days on average, demonstrating high motivation...
Over 2800 e-Shops Running Outdated Magento Software Hit by Credit Card Hackers
A wave of cyberattacks against retailers running the Magento 1.x e-commerce platform earlier this September has been attributed to one single group, according to the latest research. "This group has carried out a large number of diverse Magecart attacks that often compromise large numbers of...
Khan Academy: EMAIL SPOOFING
Hey KHANACADEMY, I have found Email Spoofing type of Vulnerability in your Website. Attacker can use your E-Mail to send emails to others. Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, ...
Threat Outbreak Alert RuleID11616: Email Messages Distributing Malicious Software on September 18, 2014
Medium Alert ID: 35767 First Published: 2014 September 18 15:02 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11616 and RuleID11616KVR may contain the...
Threat Outbreak Alert: Fake Payment Details Email Messages on May 28, 2014
Medium Alert ID: 34404 First Published: 2014 May 29 13:13 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain payment details for the recipient. The email message attempts to convince the recipient to open the attachment and...
Threat Outbreak Alert: Fake Payment Notification Email Messages on May 6, 2014
Medium Alert ID: 34121 First Published: 2014 May 6 16:50 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment receipt notification for the recipient. The text in the email message attempts to convince the recipient ...
Threat Outbreak Alert: Fake Payment Details Notification Email Messages on May 6, 2014
Medium Alert ID: 34117 First Published: 2014 May 6 16:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account payment details notification for the recipient. The text in the email message attempts to convince the...
Threat Outbreak Alert: Fake Payment Notification Email Messages on April 30, 2014
Medium Alert ID: 34021 First Published: 2014 May 1 13:41 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a swift payment notification for the recipient. The text in the email message attempts to convince the recipient to...
Threat Outbreak Alert: Fake Payment Transfer Notification Email Messages on April 28, 2014
Medium Alert ID: 33982 First Published: 2014 April 29 18:38 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain payment transfer details for the recipient. The text in the email message attempts to convince the recipient to...
Threat Outbreak Alert: Fake Payment Receipt Notification Email Messages on April 28, 2014
Medium Alert ID: 33977 First Published: 2014 April 29 18:26 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment receipt for the recipient. The text in the email message attempts to convince the recipient to open th...
Threat Outbreak Alert: Fake Payment Cancellation Notification Email Messages on April 28, 2014
Medium Alert ID: 33973 First Published: 2014 April 28 19:38 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment cancellation notice for the recipient. The text in the email message attempts to convince the recipien...
Threat Outbreak Alert: Fake Payment Confirmation Email Messages on April 28, 2014
Medium Alert ID: 33962 First Published: 2014 April 28 15:23 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment slip for the recipient. The text in the email message attempts to convince the recipient to open the...
Threat Outbreak Alert: Fake Payment Processing Notification Failure Email Messages on April 28, 2014
Medium Alert ID: 33965 First Published: 2014 April 28 15:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a payment processing failure notification for the recipient. The text in the email message attempts to convince...