CVE-2025-64712 Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitra...

CVE-2025-64712

The unstructured library provides open-source components for ingesting and pre-processing images and text documents, such as PDFs, HTML, Word docs, and many more. Prior to version 0.18.18, a path traversal vulnerability in the partitionmsg function allows an attacker to write or overwrite arbitra...

EUVD-2018-20518

Malware in sbrugna...

EUVD-2020-6176

Malware in sbrugna...

EUVD-2018-20531

Malware in sbrugna...

EUVD-2018-20519

Malware in sbrugna...

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain. Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of...

Spam and phishing in 2024

The year in figures 27% of all emails sent worldwide and 48.57% of all emails sent in the Russian web segment were spam 18% of all spam emails were sent from Russia Kaspersky Mail Anti-Virus blocked 125,521,794 malicious email attachments Our Anti-Phishing system thwarted 893,216,170 attempts to...

Hackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity Stealer

Threat actors have been observed concealing malicious code in images to deliver malware such as VIP Keylogger and 0bj3ctivity Stealer as part of separate campaigns. "In both campaigns, attackers hid malicious code in images they uploaded to archive.org, a file-hosting website, and used the same...

PT-2025-1193

Name of the Vulnerable Software and Affected Versions Microsoft Outlook versions prior to the fixed version Description The vulnerability is a zero-click remote code execution RCE flaw in Microsoft Outlook, caused by a memory corruption issue in the UtOlePresStmToContentsStm function of the...

Beyond the Surface: the evolution and expansion of the SideWinder APT group

SideWinder, aka T-APT-04 or RattleSnake, is one of the most prolific APT groups that began its activities in 2012 and was first publicly mentioned by us in 2018. Over the years, the group has launched attacks against high-profile entities in South and Southeast Asia. Its primary targets have been...

ROS-20240826-17

Vulnerability in DecodeConfig component of Golang programming language is related to uncontrolled consumption of resources. resources. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial-of-service condition. denial of service Vulnerability of...

openSUSE Security Advisory (SUSE-SU-2024:1486-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

The vulnerability of the rcmail_action_mail_get->run() function in the RoundCube Webmail client allows a hacker to execute XSS attacks.

The vulnerability of the rcmailactionmailget-run function in the RoundCube Webmail client exists because measures to protect the web page structure are not taken. Exploiting this vulnerability allows a malicious actor to perform XSS attacks by sending specially crafted malicious attachments...

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious attachments to target users' inboxes. The vulnerability, tracked as CVE-2024-39929, has a CVSS score of 9.1 out of 10.0. It has been addressed in version 4.98. "Exim...

cosign: Malicious attachments can cause system-wide denial of service

A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the sam...

SUSE-SU-2024:1486-2 Security update for cosign

This update for cosign fixes the following issues: - CVE-2024-29902: Fixed denial of service on host machine via remote image with a malicious attachments bsc1222835 - CVE-2024-29903: Fixed denial of service on host machine via malicious software artifacts bsc1222837 Other fixes: - Updated to 2.2...

PT-2024-19704 · Open Xchange Gmbh +1 · Ox App Suite +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Maliciously crafted E-Mail attachment names could be used to temporarily execute script code in the context of the user's browser session. Common user...

Cybercriminals Targeting Latin America with Sophisticated Phishing Scheme

A new phishing campaign has set its eyes on the Latin American region to deliver malicious payloads to Windows systems. "The phishing email contained a ZIP file attachment that when extracted reveals an HTML file that leads to a malicious file download posing as an invoice," Trustwave SpiderLabs...