“Legitimate” phishing: how attackers weaponize Amazon SES to bypass email security

Introduction The primary goal for attackers in a phishing campaign is to bypass email security and trick the potential victim into revealing their data. To achieve this, scammers employ a wide range of tactics, from redirect links to QR codes. Additionally, they heavily rely on legitimate sources...

EUVD-2023-58959

Malicious code in bioql PyPI...

EUVD-2024-33611

Malicious code in bioql PyPI...

EUVD-2025-2020

Malicious code in bioql PyPI...

New Promptware Attack Hijacks User’s Gemini AI Via Google Calendar Invite

Cybersecurity researchers demonstrate a new attack on Google Gemini AI for Workspace. Discover how a simple calendar invite can be used to perform phishing, steal emails, and even control home appliances...

Chaos RaaS Emerges After BlackSuit Takedown, Demanding $300K from U.S. Victims

A newly emerged ransomware-as-a-service RaaS gang called Chaos is likely made up of former members of the BlackSuit crew, as the latter's dark web infrastructure has been the subject of a law enforcement seizure. Chaos, which sprang forth in February 2025, is the latest entrant in the ransomware...

Defending against evolving identity attack techniques

In today’s evolving cyber threat landscape, threat actors are committed to advancing the sophistication of their attacks. The increasing adoption of essential security features like multifactor authentication MFA, passwordless solutions, and robust email protections has changed many aspects of th...

CVE-2023-6746

An insertion of sensitive information into log file vulnerability was identified in the log files for a GitHub Enterprise Server back-end service that could permit an adversary in the middle attack when combined with other phishing techniques. To exploit this, an attacker would need access to the...

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

Over the past year, Microsoft observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to target various industries. Our investigation into Lumma Stealer’s distribution infrastructure reveals a...

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin...

CVE-2025-1145

NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVE-2025-1145 NetVision Information ISOinsight - Reflected Cross-site Scripting

NetVision Information ISOinsight has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVE-2025-1145

CVE-2025-1145 affects NetVision Information ISOinsight. The connected sources describe a reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser, typically via phishing. The impact is user-side script execution ...

Hackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security Detection

Bogus software update lures are being used by threat actors to deliver a new stealer malware called CoinLurker. "Written in Go, CoinLurker employs cutting-edge obfuscation and anti-analysis techniques, making it a highly effective tool in modern cyber attacks," Morphisec researcher Nadav Lorber...

Flying Under the Radar - Security Evasion Techniques

Dive into the evolution of phishing and malware evasion techniques and understand how attackers are using increasingly sophisticated methods to bypass security measures. The Evolution of Phishing Attacks "I really like the saying that 'This is out of scope' said no hacker ever. Whether it's trick...

LodaRAT: Established Malware, New Victim Patterns

Executive Summary Rapid7 has observed an ongoing malware campaign involving a new version of LodaRAT. This version possesses the ability to steal cookies and passwords from Microsoft Edge and Brave. LodaRAT, first observed in 2016, is a remote access tool RAT written in AutoIt. Development of...

CVE-2024-11019

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

CVE-2024-11019

CVE-2024-11019 affects Webopac from Grand Vice info. The connected documents describe a Reflected Cross-site Scripting vulnerability that allows unauthenticated remote attackers to execute arbitrary JavaScript in a user’s browser via phishing techniques. CVSSv3.1 base score 6.1 (Medium) with Netw...

CVE-2024-11019 Grand Vice info Webopac7 - Reflected XSS

Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques...

Warning: Markopolo's Scam Targeting Crypto Users via Fake Meeting Software

A threat actor who goes by alias markopolo has been identified as behind a large-scale cross-platform scam that targets digital currency users on social media with information stealer malware and carries out cryptocurrency theft. The attack chains involve the use of a purported virtual meeting...