Lucene search
K

19 matches found

The Hacker News
The Hacker News
added 2026/02/24 2:21 p.m.10 views

UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack to likely facilitate intelligence gathering or financial theft, signaling a possible expansion of the threat actor's targeting beyond Ukraine and into entities...

6.2AI score
Exploits0
Redos
Redos
added 2026/01/22 12:0 a.m.4 views

ROS-20260122-73-0017

A vulnerability in the Split View component of Google Chrome browser is related to authentication bypass via spoofing. Exploitation of the vulnerability could allow a remote attacker to spoof the user interface using a specially crafted domain name...

4.3CVSS5.7AI score0.00174EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.8 views

PT-2026-3271

Name of the Vulnerable Software and Affected Versions Dia versions prior to 1.9.0 Description A flaw exists in Dia that, on macOS, could allow an attacker to spoof a trusted domain in the window title of custom-sized new windows. This could mislead users about the current site due to a missing...

7.4CVSS6.2AI score0.00237EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/01/16 12:0 a.m.4 views

MiracleLinux 4 : libvirt-0.10.2-18.0.1.AXS4 (AXSA:2013-197:03)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2013-197:03 advisory. Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd...

5CVSS7AI score0.05028EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2023/08/15 7:8 a.m.40 views

North Korean Hackers Suspected in New Wave of Malicious npm Packages

The npm package registry has emerged as the target of yet another highly targeted attack campaign that aims to entice developers into downloading malevolent modules. Software supply chain security firm Phylum told The Hacker News the activity exhibits similar behaviors to that of a previous attac...

6.6AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 5:42 a.m.4 views

SUSE CVE-2013-0198

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix...

5CVSS8.5AI score0.02795EPSS
Exploits1References3
Malwarebytes
Malwarebytes
added 2022/03/03 3:2 p.m.16 views

Don’t fall for the “Donate to help children in Ukraine” scam

Earlier this week, we spotted a Microsoft sign-in phish that appeared to be taking advantage of the Ukraine crisis in order to scam people. The email warned of unauthorized log in attempts to the recipients account, and the location of those attempts was listed as "Russia/Moscow". We probably won...

0.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/09/27 11:21 a.m.33 views

How Does DMARC Prevent Phishing?

DMARC is a global standard for email authentication. It allows senders to verify that the email really comes from whom it claims to come from. This helps curb spam and phishing attacks, which are among the most prevalent cybercrimes of today. Gmail, Yahoo, and many other large email providers hav...

Exploits0
ThreatPost
ThreatPost
added 2020/12/03 3:47 p.m.29 views

Cyberattacks Target COVID-19 Vaccine 'Cold-Chain' Orgs

A sophisticated, global phishing campaign has been targeting the credentials of organizations associated with the COVID-19 “cold-chain” – companies that ensure the safe preservation of vaccines by making sure they are stored and transported in temperature-controlled environments. The phishing...

0.5AI score
Exploits0References13
CNVD
CNVD
added 2019/12/11 12:0 a.m.2 views

Google Chrome Omnibox Input Validation Error Vulnerability (CNVD-2019-46421)

Google Chrome is a web browser from Google, Inc. and Omnibox is a real-time search engine. An input validation error vulnerability exists in Google Chrome Omnibox. An attacker can exploit this vulnerability to spoof domain names with the help of specially crafted domain names...

4.3CVSS8.4AI score0.01166EPSS
Exploits0References1
CNVD
CNVD
added 2019/12/11 12:0 a.m.3 views

Google Chrome Input Validation Error Vulnerability (CNVD-2019-46426)

Google Chrome is a web browser from Google, an American company. Google Chrome suffers from an input validation error vulnerability. An attacker can exploit this vulnerability to spoof domain names with the help of specially crafted HTML pages...

4.3CVSS8.4AI score0.0129EPSS
Exploits1References1
Hacker One
Hacker One
added 2017/10/09 9:58 p.m.16 views

Tor: Address Bar Spoofing on TOR Browser

Hi TOR team, I would like to report a security bug in your browser: Step 1: Goto http://www.ոokia.com/http://jsbin.com/wuyikedaxi/1/edit?html,output Step 2: Observe that address bar points to http://www.ոokia.com/ which actually to be pointing to http://xn--okia-zgf.com, however browser displays...

1.2AI score
Exploits0
NVD
NVD
added 2015/02/11 3:0 a.m.25 views

CVE-2015-0008

The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remot...

8.3CVSS8AI score0.2858EPSS
Exploits4References8
Prion
Prion
added 2015/02/11 3:0 a.m.31 views

Remote code execution

The UNC implementation in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not include authentication from the server to the client, which allows remot...

8.3CVSS8.7AI score0.2858EPSS
Exploits4References8Affected Software5
OSV
OSV
added 2013/03/05 9:38 p.m.3 views

DEBIAN-CVE-2013-0198

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix...

5CVSS6.8AI score0.02795EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 2013/02/20 4:19 p.m.6 views

libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...

5CVSS5.9AI score0.05028EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2009/12/14 5:30 p.m.21 views

CVE-2009-4129

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain...

5.8CVSS5.9AI score0.00753EPSS
Exploits0References1
NVD
NVD
added 2009/12/14 5:30 p.m.18 views

CVE-2009-4129

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain...

5.8CVSS6.5AI score0.00753EPSS
Exploits0References4
Prion
Prion
added 2009/12/14 5:30 p.m.24 views

Race condition

Race condition in Mozilla Firefox allows remote attackers to produce a JavaScript message with a spoofed domain association by writing the message in between the document request and document load for a web page in a different domain...

5.8CVSS7AI score0.00753EPSS
Exploits0References4
Rows per page
Query Builder