Fake Purchase Order Emails Spread Fileless PureLogs Malware via RAR Archives

Hackers are using fake purchase order emails and process hollowing to deploy fileless PureLogs malware to steal Windows users' browser, crypto, and Discord data...

CVE-2026-41576

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

CVE-2026-43876

CVE-2026-43876 describes an HTML injection vulnerability in WWBN AVideo: objects/notifySubscribers.json.php passes $_POST['message'] un sanitized into an HTML email template, then renders it with PHPMailer::msgHTML(). Attacker-controlled HTML is substituted into the email body and, due to a permi...

CVE-2026-43876 WWBN AVideo: HTML Injection in notifySubscribers.json.php Enables Platform-Branded Phishing Emails to Channel Subscribers

WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail, which substitutes it directly into an HTML email template via strreplace on the message placeholder and...

CVE-2026-41576 Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible no authentication required. User-supplied message text is passed through PHP's nl2br function, which converts newlines to tags but does not escape HTML. The resulting string is then passed to a Blade...

Scammers Use Hidden Text to Bypass AI Email Filters in Phishing Scams

Scammers are hiding invisible text inside phishing emails to manipulate AI-powered email filters and increase the chances of scams reaching inboxes...

Improper Verification of Source of a Communication Channel

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Improper Verification of Source of a Communication Channel in the sendEmail.json.php process. An attacker can send emails appearing to originate from the site's...

Cyberattacks are raising your prices (Lock and Code S07E09)

This week on the Lock and Code podcast… Your prices could be going up because of a little something that one group has started calling the “cyber tax.” Not a “tax” in any regulatory sense of the word, this newly named “cyber tax” is instead a consequence of the growing number of cyberattacks on...

Real Apple notifications are being used to drive tech support scams

Scammers have found a way to abuse legitimate Apple account notification emails to trick targets into calling fake tech support numbers. According to a report from BleepingComputer, scammers create an Apple account and insert a phishing message into the personal information fields, then modify th...

A week in security (April 13 – April 19)

Last week on Malwarebytes Labs: This old-school scam is still working "Your shipment has arrived" email hides remote access software Browser Guard gets even better with Access Control "iCloud storage is full" scam is back, and now it wants your payment details A fake Slack download is giving...

Inside an AI‑enabled device code phishing campaign

In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. Indicators of compromise IOC 4. References 5. Learn more Microsoft Defender Security Research has observed a widespread phishing campaign leveraging the Device Code Authentication flow to compromise organizational...

DPRK-Linked Hackers Use GitHub as C2 in Multi-Stage Attacks Targeting South Korea

Threat actors likely associated with the Democratic People's Republic of Korea DPRK have been observed using GitHub as command-and-control C2 infrastructure in multi-stage attacks targeting organizations in South Korea. The attack chain, per Fortinet FortiGuard Labs, involves obfuscated Windows...

AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

Summary The AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token. Because AVideo sets SameSite=None on session cookies, a cross-origin...

GHSA-C4XJ-X7P8-3X7Q AVideo: CSRF on emailAllUsers.json.php Enables Mass Phishing Email to All Users

Summary The AVideo endpoint objects/emailAllUsers.json.php allows administrators to send HTML emails to every registered user on the platform. While the endpoint verifies admin session status, it does not validate a CSRF token. Because AVideo sets SameSite=None on session cookies, a cross-origin...

Your tax forms sell for $20 on the dark web

Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself. What is Stolen Identity Refund Fraud SIRF? Stolen Identity Refund Fraud SIRF is ...

Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control C2 framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...

How to understand and avoid Advanced Persistent Threats

By definition, an advanced persistent threat APT is a prolonged, targeted attack on a specific victim with the intention to compromise their system and gain information from or about that target. About a decade ago, the term was mostly used for state-sponsored threat actors. I used threat actors...

CVE-2026-0829

The CVE-2026-0829 entry concerns the Frontend File Manager Plugin for WordPress (up to version 23.5). It states unauthenticated users can relay emails through the site and access/share uploaded files by guessing file IDs, exposing sensitive information and enabling spam/phishing use. The descript...

Hackers Deliver Global Group Ransomware Offline via Phishing Emails

Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection...

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT

Introduction Stan Ghouls also known as Bloody Wolf is an cybercriminal group that has been launching targeted attacks against organizations in Russia, Kyrgyzstan, Kazakhstan, and Uzbekistan since at least 2023. These attackers primarily have their sights set on the manufacturing, finance, and IT...