75 matches found
OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts
OpenAI is rolling out Advanced Account Security for people concerned that their ChatGPT or Codex accounts could be potential targets of phishing attacks...
CVE-2024-41801
OpenProject is open source project management software. Prior to version 14.3.0, using a forged HOST header in the default configuration of packaged installations and using the "Login required" setting, an attacker could redirect to a remote host to initiate a phishing attack against an OpenProje...
SUSE CVE-2025-69412
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...
CVE-2025-69412
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API aka phishing API, which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration...
Festo Compact Vision System, Control Block, Controller, and Operator Unit products
RISK EVALUATION Successful exploitation of these vulnerabilities could result in an attacker accessing devices without authentication or modifying configuration files. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these...
Think passwordless is too complicated? Let's clear that up
By Janet Ho, Cisco Duo Why passwords are still a problem We've relied on passwords for years to protect our online accounts, but they've also become one of the easiest ways attackers get in. Many people reuse or simplify passwords, or even write them down because it's hard to remember so many. Th...
EUVD-2007-1730
Malware in sbrugna...
EUVD-2017-16789
Malware in sbrugna...
EUVD-2006-6953
Malware in sbrugna...
EUVD-2007-0799
Malware in sbrugna...
EUVD-2007-1731
Malware in sbrugna...
FUJIFILM Healthcare Americas Synapse Mobility
RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to access information beyond their assigned roles. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize network...
SSH-Passkeys: Leveraging Web Authentication for Passwordless SSH
We propose a method for using Web Authentication APIs for SSH authentication, enabling passwordless remote server login with passkeys. These are credentials that are managed throughout the key lifecycle by an authenticator on behalf of the user and offer strong security guarantees. Passwords rema...
CVE-2006-6971
Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in 1 dotted-hex, 2 dotted-octal, 3 single decimal integer, 4 single hex integer, or 5 single octal integer format, which is not captured by...
A week in security (May 12 – May 18)
Last week on Malwarebytes Labs: Data broker protection rule quietly withdrawn by CFPB Meta sent cease and desist letter over AI training Google to pay $1.38 billion over privacy violations Android users bombarded with unskippable ads Last week on ThreatDown: ThreatDown introduces Firewall...
Forcepoint Email Security 安全漏洞
Forcepoint Email Security is a suite of email protection solutions from US-based Forcepoint. The product includes features such as spam filtering, malware detection, phishing protection, and protection against intrusion BEC attacks. A security vulnerability exists in Forcepoint Email Security 8.5...
Qualys Adds Threat Intelligence for Typosquatting and Defamatory Domains to External Attack Surface Management
Cybersecurity professionals can now use Qualys CyberSecurity Asset Management CSAM with External Attack Surface Management EASM to reduce cyber risks from credential harvesting, phishing, and malware downloads and diminish reputational harm. Bad actors have been registering look-alike, sound-alik...
iMessage text gets recipient to disable phishing protection so they can be phished
A smishing SMS phishing campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple's built in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campign is...
CVE-2024-25707 BUG-000160241 - Reflected XSS in Portal for ArcGIS
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authenticated attacker with administrative access to supply a crafted string which could potentially execute arbitrary JavaScript code in the their own browser Self XSS. A...
Guide: How Google Workspace-based Organizations can leverage Chrome to improve Security
More and more organizations are choosing Google Workspace as their default employee toolset of choice. But despite the productivity advantages, this organizational action also incurs a new security debt. Security teams now have to find a way to adjust their security architecture to this new cloud...