126 matches found
Fake Pudgy World site steals your crypto passwords
A phishing site impersonating the newly-launched Pudgy World browser game is targeting crypto users with a technique that goes well beyond a convincing logo and matching color scheme. Pudgy World is a free-to-play browser game built around the Pudgy Penguins NFT brand. Players explore a virtual...
LastPass Warns of Fake Maintenance Messages Targeting Users' Master Passwords
LastPass is alerting users to a new active phishing campaign that's impersonating the password management service, which aims to trick users into giving up their master passwords. The campaign, which began on or around January 19, 2026, involves sending phishing emails claiming upcoming maintenan...
MiracleLinux 8 : thunderbird-115.7.0-1.el8_9.ML.1 (AXSA:2024-7501:04)
The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-7501:04 advisory. Mozilla: Out of bounds write in ANGLE CVE-2024-0741 Mozilla: Failure to update user input timestamp CVE-2024-0742 Mozilla: Crash when listing printe...
Phishing scammers are posting fake “account restricted” comments on LinkedIn
Recently, fake LinkedIn profiles have started posting comment replies claiming that a user has " engaged in activities that are not in compliance" with LinkedIn's policies and that their account has been " temporarily restricted" until they submit an appeal through a specified link in the comment...
CVE-2022-38705
IBM CICS TX 11.1 Standard and Advanced could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 234172...
EUVD-2020-26096
Malware in sbrugna...
EUVD-2020-25737
Malware in sbrugna...
EUVD-2023-42510
Malicious code in bioql PyPI...
EUVD-2022-41274
Malicious code in bioql PyPI...
Pre-approved GLP-1 prescription scam could be bad for your health
A co-worker received a text which is, unfortunately, becoming more common. The text pretends to come from a doctor and states a weight-loss medication prescription has been approved. “Good morning. This is Dr. Santos. I pre-approved your GLP1 prescription. You may start treatment as of 09/04...
TencentOS Server 3: thunderbird (TSSA-2024:0054)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0054 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Toxic trend: Another malware threat targets DeepSeek
Introduction DeepSeek-R1 is one of the most popular LLMs right now. Users of all experience levels look for chatbot websites on search engines, and threat actors have started abusing the popularity of LLMs. We previously reported attacks with malware being spread under the guise of DeepSeek to...
CVE-2023-38735
IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482...
Security Bulletin: IBM OpenPages with Watson has addressed a reverse tabnabbing vulnerability (CVE-2020-4440)
Summary IBM OpenPages with Watson has addressed a reverse tabnabbing vulnerability CVE-2020-4440 Vulnerability Details CVEID:CVE-2020-4440 DESCRIPTION: IBM OpenPages with Watson could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtai...
FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices
An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a...
Fake funeral “live stream” scams target grieving users on Facebook
Some scammers have the morals of an alley cat. But some sink even lower. Over the last few months, Malwarebytes Labs has discovered scammers active on Facebook that prey on bereaved people by using stolen images and phony funeral live stream links to steal money and/or credit card details. These...
Improper Input Validation
github.com/rancher/rancher is vulnerable to Improper Input Validation. The vulnerability is due to the tampering of the errorMsg parameter, allowing for the display of arbitrary content, filtering tags but not special characters or symbols. This can lead to malicious users to lure legitimate user...
Ubuntu 20.04 LTS / 22.04 LTS / 23.10 : Thunderbird vulnerabilities (USN-6669-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6669-1 advisory. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsin...
CentOS 8 : firefox (CESA-2024:0608)
The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the CESA-2024:0608 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affec...
Rocky Linux 8 : firefox (RLSA-2024:0608)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0608 advisory. - An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affect...