Lucene search
K

68 matches found

Securelist
Securelist
added 2026/05/06 9:30 a.m.6 views

Websites with an undefined trust level: avoiding the trap

Executive summary A suspicious website is a web resource that cannot be definitively classified as phishing, but whose activities are unsafe. Such sites manipulate users, tricking them into voluntarily transferring money for non-existent services, signing up for hidden subscriptions, or disclosin...

5.5AI score
Exploits0
The Hacker News
The Hacker News
added 2025/11/20 11:30 a.m.4 views

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

CTM360 has identified a rapidly expanding WhatsApp account-hacking campaign targeting users worldwide via a network of deceptive authentication portals and impersonation pages. The campaign, internally dubbed HackOnChat, abuses WhatsApp's familiar web interface, using social engineering tactics t...

6.8AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.6 views

Siemens SIMATIC S7-1500 Missing Encryption of Sensitive Data (CVE-2022-27779)

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's cookie engine can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

5.3CVSS6.6AI score0.02414EPSS
Exploits1References4
Packet Storm News
Packet Storm News
added 2025/10/15 12:0 a.m.7 views

Infrastructure Patterns in Toll Scam Domains: A Comprehensive Analysis of Cybercriminal Registration and Hosting Strategies

Toll scams involve criminals registering fake domains that pretend to be legitimate transportation agencies to trick users into making fraudulent payments. Although these scams are rapidly increasing and causing significant harm, they have not been extensively studied. We present the first...

6.7AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2004-0864

Malware in sbrugna...

7.5CVSS6.1AI score0.10075EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-1027

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00385EPSS
Exploits0References4
HackRead
HackRead
added 2025/06/10 3:30 p.m.8 views

20 Top-Level Domain Names Abused by Hackers in Phishing Attacks

Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings...

7.1AI score
Exploits0
Krebs on Security
Krebs on Security
added 2024/08/23 2:12 p.m.13 views

Local Networks Go Global When Domain Names Collide

The proliferation of new top-level domains TLDs has exacerbated a well-known security weakness: Many organizations set up their internal Microsoft authentication systems years ago using domain names in TLDs that didnt exist at the time. Meaning, they are continuously sending their Windows usernam...

7.2AI score
Exploits0
OSV
OSV
added 2023/07/10 7:8 p.m.56 views

GHSA-MRR8-V49W-3333 sweetalert2 contains potentially undesirable behavior

sweetalert2 versions from 11.6.14 to before 11.22.4 have potentially undesirable behavior. The package outputs audio and/or video messages that do not pertain to the functionality of the package when run on specific tlds. This functionality is documented on the project's readme...

5.9AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/07/10 12:0 a.m.13 views

PT-2023-33044 · Unknown · Sweetalert2

Name of the Vulnerable Software and Affected Versions: sweetalert2 versions 11.6.14 and above Description: The sweetalert2 package exhibits potentially undesirable behavior by outputting audio and/or video messages unrelated to its functionality when run on specific top-level domains TLDs. This...

7.1AI score
Exploits0References4
Trend Micro Simply Security
Trend Micro Simply Security
added 2023/05/23 12:0 a.m.14 views

Future Exploitation Vector: File Extensions as Top-Level Domains

In this blog entry, we will examine the security risks related to file extension-related Top-Level Domains TLDs while also providing best practices and recommendations on how both individual users and organizations can protect themselves from these hazards...

7AI score
Exploits0
Malwarebytes
Malwarebytes
added 2023/05/18 11:30 a.m.17 views

Zip domains, a bad idea nobody asked for

If you heard a strange and unfamiliar creaking noise on May 3, it may have been the simultaneous rolling of a million eyeballs. The synchronised ocular rotation was the less than warm welcome that parts of the IT and security industries--this author included--gave to Google's decision to put .zip...

6.7AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/03/03 12:0 a.m.5 views

CVE-2022-2837

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains TLD to a pod they control by creating projects and namespaces that match the TLD...

6.9AI score0.00385EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/03 12:0 a.m.34 views

CVE-2022-2837

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains TLD to a pod they control by creating projects and namespaces that match the TLD...

6.3AI score0.00385EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 5:49 a.m.3 views

SUSE CVE-2011-4681

Opera before 11.60 does not properly consider the number of . dot characters that conventionally exist in domain names of different top-level domains, which allows remote attackers to bypass the Same Origin Policy by leveraging access to a different domain name in the same top-level domain, as...

5CVSS6.9AI score0.02093EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 5:37 a.m.4 views

SUSE CVE-2013-3210

Opera before 12.15 does not properly block top-level domains in Set-Cookie headers, which allows remote attackers to obtain sensitive information by leveraging control of a different web site in the same top-level domain...

5CVSS6.2AI score0.01667EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:26 a.m.3 views

SUSE CVE-2022-27779

libcurl wrongly allows cookies to be set for Top Level Domains TLDs if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without Public Suffix Listawareness. If PSL support not provided, a more rudimentary check...

6.5CVSS8.6AI score0.02414EPSS
Exploits1References3
OSV
OSV
added 2022/11/26 11:1 a.m.9 views

OPENSUSE-SU-2022:10219-1 Security update for opera

This update for opera fixes the following issues: Update to 93.0.4585.11 - CHR-9051 Update chromium on desktop-stable-107-4585 to 107.0.5304.88 - DNA-95965 Add support for more UD TLDs - DNA-102960 Replace messengers icons - DNA-102964 Crash at -FramedBrowserWindow sendEvent: - DNA-103125...

8.8CVSS8.8AI score0.0675EPSS
Exploits1References2
OSV
OSV
added 2022/11/26 11:1 a.m.10 views

OPENSUSE-SU-2022:10218-1 Security update for opera

This update for opera fixes the following issues: Update to 93.0.4585.11: - CHR-9051 Update chromium on desktop-stable-107-4585 to 107.0.5304.88 - DNA-95965 Add support for more UD TLDs - DNA-102960 Replace messengers icons - DNA-102964 Crash at -FramedBrowserWindow sendEvent: - DNA-103125...

8.8CVSS8.8AI score0.0675EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2022/08/16 9:8 a.m.40 views

CVE-2022-2837

A flaw was found in coreDNS. This flaw allows a malicious user to redirect traffic intended for external top-level domains TLD to a pod they control by creating projects and namespaces that match the TLD. Mitigation - Add a default admission controller to prevent the creation of projects or...

4.3CVSS1.6AI score0.00385EPSS
Exploits0References3
Rows per page
Query Builder