Google DoubleClick Abused in New Malspam Campaign to Deliver .NET Loader

Cybersecurity researchers have flagged a new malspam campaign that makes use of Google's DoubleClick domain as a way to evade detection and ultimately deliver an unidentified .NET-based loader. "Before the victim ever reaches attacker-controlled infrastructure, the lure routes through DoubleClick...

DNS Rebinding

sillytavern is vulnerable to DNS rebinding. The vulnerability is due to improper host validation in the web UI, which allows an attacker to exploit it by installing malicious extensions, reading chats, and injecting arbitrary HTML for phishing...

CVE-2025-27156 Tuleap allows content injection via emails sent by the mass emailing features

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...

iCloud Phishing Campaign Zycode Back From the Dead

A phishing campaign aimed at Chinese Apple users that was thought to be in hibernation has been roused from its slumber. Researchers in June spotted the campaign, dubbed Zycode, targeting Apple iCloud users. A rash of suspended domains that month led to a lull for the campaign however; researcher...