Lucene search
K

13 matches found

Wired Threat Level
Wired Threat Level
added 2026/06/11 4:7 p.m.13 views

Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts

A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/18 10:37 a.m.17 views

Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages

Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites. The malicious npm...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2024/10/28 11:10 a.m.40 views

Cybercriminals Use Webflow to Deceive Users into Sharing Sensitive Login Credentials

Cybersecurity researchers have warned of a spike in phishing pages created using a website builder tool called Webflow, as threat actors continue to abuse legitimate services like Cloudflare and Microsoft Sway to their advantage. "The campaigns target sensitive information from different crypto...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/26 4:24 a.m.236 views

Over 110,000 Websites Affected by Hijacked Polyfill Supply Chain Attack

Google has taken steps to block ads for e-commerce sites that use the Polyfill.io service after a Chinese company acquired the domain and modified the JavaScript library "polyfill.js" to redirect users to malicious and scam sites. "Protecting our users is our top priority. We detected a security...

9.8CVSS9AI score0.99994EPSS
Exploits38
Pen Test Partners Blog
Pen Test Partners Blog
added 2023/04/11 5:28 a.m.22 views

London Councils & pirate books. Google dorking for subdomain takeovers

TL;DR Google dorks found me an exploited DigitalOcean subdomain takeover on London Councils’ .gov.uk domain It used a meta refresh to redirect to a site hosting unprovenanced PDFs London Councils had a security.txt file which made disclosure a doddle Their security team were awesome and fixed it...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/10 10:16 a.m.48 views

Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites...

7.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/04/10 10:16 a.m.2 views

Over 1 Million WordPress Sites Infected by Balada Injector Malware Campaign

Over one million WordPress websites are estimated to have been infected by an ongoing campaign to deploy malware called Balada Injector since 2017. The massive campaign, per GoDaddy's Sucuri, "leverages all known and recently discovered theme and plugin vulnerabilities" to breach WordPress sites...

7.1AI score
Exploits0
Malwarebytes
Malwarebytes
added 2022/05/03 1:16 p.m.25 views

Airdrop phishing: what is it, and how is my cryptocurrency at risk?

Airdrop phishing is a really popular tactic at the moment. It emerged alongside the explosion of Web3/NFT/cryptocurrency popularity, and ensures scammers get a slice of the money pie. You may well have heard the term in passing, and wondered what an Airdrop is. Is your iPhone about to be Airdrop...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2021/02/17 7:11 a.m.2 views

Malvertisers Exploited WebKit 0-Day to Redirect Browser Users to Scam Sites

A malvertising group known as "ScamClub" exploited a zero-day vulnerability in WebKit-based browsers to inject malicious payloads that redirected users to fraudulent websites gift card scams. The attacks, first spotted by ad security firm Confiant in late June 2020, leveraged a bug CVE-2021–1801...

6.5CVSS7.2AI score0.01515EPSS
Exploits0
The Hacker News
The Hacker News
added 2020/03/26 9:21 a.m.57 views

Watch Out: Android Apps in Google Play Store Capitalizing on Coronavirus Outbreak

Preying on public fears, the ongoing coronavirus outbreak is proving to be a goldmine of opportunity for attackers to stage a variety of malware attacks, phishing campaigns, and create scam sites and malicious tracker apps. Now in a fresh twist, third-party Android app developers too have begun t...

0.1AI score
Exploits0
ThreatPost
ThreatPost
added 2019/05/06 4:0 p.m.51 views

Avengers: Endgame Sites Promise Digital Downloads, Deliver Info-Harvesting

Marvel Studio’s long-awaited superhero juggernaut Avengers: Endgame, represents the second-largest worldwide box-office haul for any film, ever – raking in $2.2 billion in its first two weekends. With demand like that, perhaps it’s not surprising that enterprising scammers are already luring in...

0.6AI score
Exploits0References8
Malwarebytes
Malwarebytes
added 2017/12/15 11:30 p.m.57 views

Exosrv.com, an ad server for adult sites, tops Malwarebytes detections

Update 12/18/2017: Upon review, we have decided to lift the block on those two ad servers. You can read ExoClick's comments below: At Exoclick we use large resources to ensure that the ads that we serve are clear, clean and issue free. Where malwares and other forms of malvertising are detected...

6.5AI score
Exploits0
ThreatPost
ThreatPost
added 2011/01/17 3:12 p.m.12 views

Scam Sites Demanding SMS Payment For Fake Flash, Firefox Downloads

Phishers and scammers have developed a new tactic for separating victims from their money that involves getting them to pay for software that’s normally free, such as Mozilla Firefox or Adobe Flash. The new scam is offering users the opportunity to download applications such as Flash, Firefox and...

1.4AI score
Exploits0References2
Rows per page
Query Builder