Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years

Introduction In late April 2026, a client reached out to us for incident response support after discovering a miner running on users' computers. We later discovered that the malware was being distributed via illegal movie and TV show streaming sites. The infection chain leveraged a fake update fo...

CVE-2019-12477

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri= URI...

The ‘Epstein’s Suicide’ Video in the Latest DOJ Release Isn’t What It Seems

Here’s how a fake clip from 2019 wound up in the latest Justice Department Epstein files dump...

FBI Warns of Fake Video Scams

The FBI is warning of AI-assisted fake kidnapping scams: Criminal actors typically will contact their victims through text message claiming they have kidnapped their loved one and demand a ransom be paid for their release. Oftentimes, the criminal actor will express significant claims of violence...

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies usi...

Supra Smart Cloud TV Remote File Inclusion

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Supra Smart Cloud TV Remote File Inclusion', 'Description' = %q This module exploits an unauthenticated remote file inclusion which exists in Sup...

Spelevo exploit kit debuts new social engineering trick

2019 has been a busy year for exploit kits, despite the fact that they haven't been considered a potent threat vector for years, especially on the consumer side. This time, we discovered the Spelevo exploit kit with its virtual pants down, attempting to capitalize on the popularity of adult...

Steer clear of Bitcoin Cash generators

Here’s an interesting evolution on a well-worn scam, taking one profit generating fakeout and turning it into something else entirely. For years, gamers have been stuck navigating the treacherous waters of fake video game giveaways. With so many actual genuine gaming giveaways around, you’re neve...

Supra Smart Cloud TV Remote File Inclusion

This module exploits an unauthenticated remote file inclusion which exists in Supra Smart Cloud TV. The media control for the device doesn't have any session management or authentication. Leveraging this, an attacker on the local network can send a crafted request to broadcast a fake video. This...

CVE-2019-12477

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI...

Remote file inclusion

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI...

CVE-2019-12477

Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/mediacontrol?action=setUri&uri= URI...

CVE-2019-12477

The CVE-2019-12477 entry describes a remote file inclusion in Supra Smart Cloud TV. The openLiveURL function is vulnerable to unauthenticated remote file inclusion via /remote/media_control?action=setUri&uri=, allowing a local attacker on the same network to broadcast fake video without authentic...

SUPRA Smart TV Flaw Lets Attackers Hijack Screens With Any Video

I have said it before, and I will say it again — Smart devices are one of the dumbest technologies, so far, when it comes to protecting users' privacy and security. As more and more smart devices are being sold worldwide, consumers should be aware of security and privacy risks associated with the...

The Future of Forgeries

This article argues that AI technologies will make image, audio, and video forgeries much easier in the future. Combined, the trajectory of cheap, high-quality media forgeries is worrying. At the current pace of progress, it may be as little as two or three years before realistic audio forgeries...

Sick Facebook Scammers Exploit Robin Williams' Suicide

Scammers spare no incident to target as many victims as possible, and this time they are exploiting the tragic death of comic actor Robin Williams by offering the fake Facebook videos proclaiming a Goodbye video message that Williams made before his death. According to Symantec, this fake Faceboo...

Threat Outbreak Alert: Fake Video Sharing Email Messages on February 18, 2014

Medium Alert ID: 32901 First Published: 2014 February 18 18:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a video for the recipient. The text in the email message attempts to convince the recipient to open the link ...

Malicious Firefox, Chrome Extensions Target Facebook Users

Facebook users are being warned of malicious Firefox and Chrome extensions that can give an attacker remote control over a Facebook profile. Microsoft has seen an increase in activity around these extensions, in particular in Brazil. The threat is detected as Trojan:JS/Febipos.A and has been...

Trojan.Milicenso Print Bomb - Printer Trojan cause massive printing

Trojan.Milicenso - Printer Trojan cause massive printing A Trojan that sends printers crazy, making them print pages of garbled nonsense until all the paper has been used up, has seen a spike in activity.Symantec detected the Trojan.Milicenso across various countries, but the worst hit regions...

Mac OS X malware posing as fake video codec

From ZDNet Dancho Danchev Researchers from ParetoLogic are reporting on a newly discovered Mac OS X malware variant posing as fake video ActiveX object paretologic.com found at a bogus Macintosh PortTube site. The use of fake video codecs is a social engineering tactic exclusively used by malware...