Researchers Trick Perplexity's Comet AI Browser Into Phishing Scam in Under Four Minutes

Agentic web browsers that leverage artificial intelligence AI capabilities to autonomously execute actions across multiple websites on behalf of a user could be trained and tricked into falling prey to phishing and scam traps. The attack, at its core, takes advantage of AI browsers' tendency to...

Spotify, Audible, and Amazon used to push dodgy forex trading sites and more

Spotify and Amazon services have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and...

The Pig Butchering Invasion Has Begun

Scamming operations that once originated in Southeast Asia are now proliferating around the world, likely raking in billions of dollars in the process...

Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2

Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...

Watch out for tech support scams lurking in sponsored search results

This blog post was written based on research carried out by Jérôme Segura. A campaign using sponsored search results is targeting home users and taking them to tech support scams. Sponsored search results are the ones that are listed at the top of search results and are labelled "Sponsored". They...

Google Sues App Developers Over Fake Crypto Investment App Scam

Google has filed a lawsuit in the U.S. against two app developers for allegedly engaging in an "international online consumer investment fraud scheme" that tricked users into downloading bogus Android apps from the Google Play Store and other sources and stealing their funds under the guise of...

Yahoo!: Bitly link takeover

A vulnerability was discovered in which a Bitly link referred to in the description of a Yahoo Twitter handle was broken and redirected to an unintended destination. This situation presented an opportunity for attackers to potentially hijack the link and direct users to a malicious website for...

inDrive: inDriver Job - Admin Approval Bypass

A vulnerability was discovered in the "inDriver Job" application that allowed an attacker to bypass the admin approval process for publishing job offers. This vulnerability enabled the attacker to publish arbitrary content without undergoing the necessary moderation step...

swapExactTokensForTokens in is used with amountOutMin = 0

Handle 0x0x0x Vulnerability details Impact In UniswapHandler.sol two important functions sellMalt and buyMalt use swapExactTokensForTokens with amountOutMin = 0. This is a big problem since miners can exploit this intensively. So miners can strongly manipulate the price, since they can order the...

Spam and phishing in Q3 2021

Quarterly highlights Scamming championship: sports-related fraud This summer and early fall saw some major international sporting events. The delayed Euro 2020 soccer tournament was held in June and July, followed by the equally delayed Tokyo Olympics in August. Q3 2021 also featured several F1...

REvil Affiliates Confirm Getting Screwed Out of Payments

A day after news broke about REvil having screwed their own affiliates out of ransomware payments – by using double chats and a backdoor that let REvil operators hijack ransom payments – those affiliates took to the top Russian-language hacking forum to renew their demands for REvil to fork over...

BEC Losses Top $1.8B as Tactics Evolve

Business email compromise BEC attacks ramped up significantly in 2020, with more than $1.8 billion stolen from organizations with these types of attacks last year alone — and things are getting worse. BEC attacks are carried out by cybercriminals either impersonating someone inside an organizatio...

Telegram Bots at Heart of Classiscam Scam-as-a-Service

A new automated scam-as-a-service has been unearthed, which leverages Telegram bots in order to steal money and payment data from European victims. The scam, which researchers call Classiscam, is being sold as a service by Russian-speaking cybercriminals, and has been used by at least 40 separate...

Monero: Misreporting of received amount by show_transfers

Summary: A sender may cause showtransfers to report a higher amount that was actually sent on the recipient's showtransfers output. Description: Due to a flaw in processnewtransaction in wallet2.cpp, if the tx pubkey is present multiple times, it will decode outputs correctly as many times, and a...

Tech support scammers find new way to jam Google Chrome (updated)

Update 1 2018-02-07: This issue with Google Chrome was reported here and merged here. Update 2 2018-02-07: Firefox and Brave seem to be affected by this bug as well both vendors were informed. During the past quarter we have noted an increase in fake browser alerts pushing tech support scams. Mos...

Social game Zynga's YoVille gets hacked

Social game Zynga's YoVille gets hacked Matt Spencer has been an active player of "YoVille" since the Zynga-owned virtual world launched in 2008, but hasn't played the game in about three weeks. He post a complaint on the gaming company's forum that in late January, Spencer's "YoVille" account wa...

German Engineer Arrested In Card Skimming Plot

A German engineer was sentenced to three years in jail on Friday after he was found transporting card skimming technology into Britain according to a report from Reuters UK. Thomas Beeckmann, 26, was stopped at London’s Victoria Coach Station in June with 17 electronic scamming circuits. The...

NOD32 Cross Site Scripting

. http://www.nod32.com.cn | /\ \ \ \ / \ / \ / | // | / / \ \ | | \ || //\ | / /\ \ / \ | / / / / / / / / Cross Site Scripting Exploit Author: Sora Contact: vhr95zw at hotmail dot com Website: http://greyhathackers.wordpress.com Vulnerability: Cross Site Scripting ————————- 1. INFORMATION...