EUVD-2022-41792
Malicious code in bioql PyPI...
Take back control of your browser—Malwarebytes Browser Guard now blocks search hijacking attempts
Search hijacking, often referred to as browser hijacking, occurs when cybercriminals modify users’ browser settings without their consent. This often results in users being redirected to potentially malicious websites, such as fake customer service offerings. Search hijacking commonly happens...
Phishing Emails Impersonating Qantas Target Credit Card Info
Fake Qantas emails in a sophisticated phishing scam steal credit card and personal info from Australians, bypassing major…...
Toll fee scams are back and heading your way
Back in August 2024, we warned about a relatively new type of SMS phishing or smishing scam that was doing the rounds. Now a new wave of toll fee scams are working their way round the US. These attempts come as an unexpected text message linking to a website pretending to belong to one of the US...
The “free money” trap: How scammers exploit financial anxiety
With financial stress at an all-time high, and many Americans grappling with confusion about social security, Medicaid, and Medicare, people are desperately seeking relief. Scammers know this all too well and have tailored their tactics to exploit these fears, preying on vulnerable individuals wi...
Warning over free online file converters that actually install malware
The FBI Denver Field Office has warned of an increasing number of scammy websites offering free online file converter services. Instead of converting files, the tools actually load malware onto victims’ computers. The FBI warned specifically about that malware leading to ransomware attacks, but...
Avery had credit card skimmer stuck on its site for months
The consequences of a wave of credit card skimmers—which is normal around the holidays—are starting to show. Label maker Avery has filed a data breach notification, saying 61,193 people may have had their credit card details stolen. On December 9, Avery said it became aware of an attack on its...
Google Calendar Phishing Scam Targets Users with Malicious Invites
Protect yourself from sophisticated phishing attacks that leverage Google Calendar to steal your personal information...
SMS scammers use toll fees as a lure
In April 2024, the FBI warned about a new type of smishing scam. Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees. The scammers send a text claimin...
You’re going to start seeing more tax-related spam, but remember, that doesn’t actually mean there’s more spam
It's that time of the year when not only do you have to be worried about filing your federal taxes in the U.S., you must also be on the lookout for a whole manner of tax-related scams. These are something that pop up every year through email, texts, phone calls and even physical mail -- phony...
[updated] Vibrator virus steals your personal information
I know that some of you are expecting a post similar to that about a toothbrush botnet, but this is not a hypothetical case. It actually happened. A Malwarebytes Premium customer started a thread on Reddit saying we had blocked malware from trying to infect their computer after they connected a...
TD Bank: Reflected XSS on marketsandresearch.td.com
Summary: Hi TD security team, there is a reflected XSS vulnerability at http://marketsandresearch.td.com. As you are most likely aware, XSS vulnerabilities can have significant security implications, including allowing an attacker to inject malicious JS code into the application, which is then...
CVE-2022-41215
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information...
CVE-2022-39301 sra-admin is vulnerable to storage cross-site scripting (XSS) via unrestricted file upload
sra-admin is a background rights management system that separates the front and back end. sra-admin version 1.1.1 has a storage cross-site scripting (XSS) vulnerability. After logging into the sra-admin background, an attacker can upload an HTML page containing XSS attack code in "Personal Center" ...
SharkBot Android banking Trojan cleans users out
Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot...
Mozilla Firefox Security Advisory (MFSA2015-148) - Linux
This host is missing a security update for Mozilla Firefox.
TangleBot Malware Reaches Deep into Android Device Functions
An Android malware called TangleBot has weaved its way onto the cyber-scene: One that researchers said can perform a bouquet of malicious actions, including stealing personal info and controlling apps and device functions. According to Cloudmark researchers, the newly discovered mobile malware is...
Brave Software: Cross-origin resource sharing misconfiguration (CORS)
Hi! In this report I want to describe a high-level bug which can seriously compromise a user account. If I am authorized on this site, I can steal user's sessions, some personal information or do some action. In my tests, I found the relevant vulnerability using different methods. I detected the COR...
This Isn't the Phishing Your First Boss Knew
Phishing has been around for nearly as long as email has, and the perception that phishing tactics have not evolved persists. Many people believe we are still in the era of the easy-to-spot "Nigerian prince" emails, shown below. Underneath that, we see a highly creative, yet not any more...
Scammers Prey on Instagram Vanity and 'Verified Account' Status
UPDATE A new Instagram phishing scam circulating the internet lures victims in with promises of exclusive “verified account” status – and then makes away with their personal information. The scam centers around Instagram’s labeling of verified accounts, which indicates that the account user is a...