41 matches found
Spam and phishing in 2025
The year in figures 44.99% of all emails sent worldwide and 43.27% of all emails sent in the Russian web segment were spam 32.50% of all spam emails were sent from Russia Kaspersky Mail Anti-Virus blocked 144,722,674 malicious email attachments Our Anti-Phishing system thwarted 554,002,207 attemp...
Received an Instagram password reset email? Here’s what you need to know
Last week, many Instagram users began receiving unsolicited emails from the platform that warned about a password reset request. The message said: “Hi username, We got a request to reset your Instagram password. If you ignore this message, your password will not be changed. If you didn’t request ...
EUVD-2024-31248
Malicious code in bioql PyPI...
5 riskiest places to get scammed online
Scammers love your smartphone. They can text you fraudulent tracking links for packages you never bought. They can profess their empty love to you across your social media apps. They can bombard your email inbox with phishing attempts, impersonate a family member through a phone call, and even...
CVE-2024-36494
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if th...
CVE-2023-5629
A CWE-601:URL Redirection to Untrusted Site ‘Open Redirect’ vulnerability exists that could cause disclosure of information through phishing attempts over HTTP...
CVE-2025-27156
Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail...
From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch
In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second just in Entra ID—a 75% increase from last year—and phishing attempts up by 58%, causing $3.5 billion in losses source: Microsoft Digital Defense Report 2024. SaaS attacks are increasing, with hackers ofte...
CVE-2024-36494 Reflected Cross Site Scripting
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if th...
CVE-2024-33510
Fortinet CVE-2024-33510 targets FortiOS versions <=7.4.3, <=7.2.8, <=7.0.16 and FortiProxy <=7.4.3, <=7.2.9,
Fortinet Fortigate SSLVPN WEB UI Text injection (FG-IR-24-033)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-24-033 advisory. - An improper neutralization of special elements in output used by a downstream component 'Injection' vulnerability CWE-74 in...
Cyber Threats Targeting the US Government During the Democratic National Convention
Cyber Threats Targeting the US Government During the Democratic National Convention By Anne An · October 2, 2024 Introduction Trellix global sensors detected increased threat activities during the days that the Democratic National Convention DNC was held in August 2024, culminating into a massive...
Affirm says Evolve Bank data breach also compromised some of its customers
Buy now, pay later payment specialist Affirm has warned that holders of its payment cards had their personal information exposed after a ransomware attack and data breach at Evolve Bank & Trust. In a form 8-K, submitted to the Securities and Exchange Commission SEC, Affirm states: “Because the...
Google Introduces Enhanced Real-Time URL Protection for Chrome Users
Google on Thursday announced an enhanced version of Safe Browsing to provide real-time, privacy-preserving URL protection and safeguard users from visiting potentially malicious sites. "The Standard protection mode for Chrome on desktop and iOS will check sites against Google's server-side list o...
Customer data stolen from gaming cloud host Shadow
Cloud infrastructure provider Shadow has warned of the data theft of over 500,000 customers. The customers were informed by a breach notification which was posted online. Cloud is known in the gaming world and, among other things, allows gamers to play resource heavy games on lower-end devices, T...
#StopRansomware: Cuba Ransomware
Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce phishing-resistant multifactor authentication. Note: This joint Cybersecurity Advisory C...
The Guardian hit by "ransomware attack"
On Tuesday December 20, 2022 British newspaper The Guardian experienced a major IT security incident that crippled a part of its IT infrastructure. The suspected cause is ransomware. In an online article the newspaper published an internal statement from the chief executive and the editor-in-chie...
#StopRansomware: Vice Society
Note: This joint Cybersecurity Advisory CSA is part of an ongoing StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These StopRansomware advisories include recently and historically observed tactics, techniques,...
#StopRansomware: MedusaLocker
CISA, the Federal Bureau of Investigation FBI, the Department of the Treasury Treasury, and the Financial Crimes Enforcement Network FinCEN have released a joint Cybersecurity Advisory CSA, StopRansomware: MedusaLocker, to provide information on MedusaLocker ransomware. MedusaLocker actors target...
2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends
Every year, Rapid7's team of cloud security experts and researchers put together a report to review data from publicly disclosed breaches that occurred over the prior year. The goal of this report is to unearth patterns and trends in cloud-related breaches and persistent exposures, so organizatio...