A pre-authenticated remote code execution flaw has been revealed in dotCMS, an open-source content management system written in Java and “used by over 10,000…
JavaScript
Parrot Traffic Direction System (TDS) is a new web redirection service by Parrot
In harmful campaigns, a Traffic Direction System (TDS) is used to lead individuals who fit a specific profile to phishing sites. The FakeUpdate campaign…
New Browser-in-the Browser (BITB) Attack Makes Phishing Nearly Undetectable
Can web browsers protect us, even if it is HTTPS? Maybe yes, but not with the novel BitB attack, which fakes us by a…
Zimbra issues hotfix for XSS vulnerability under active exploitation
Attackers have targeted mailboxes in multiple waves across two attack phases. Business email platform Zimbra has released a hotfix for a cross-site scripting (XSS)…
Android Users were Targeted by Dark Herring
A fraudulent subscription campaign called Dark Herring has targeted over 100 million Android users worldwide. The campaign has been operating for almost two years.…
Threat actor exploiting a zero-day vulnerability in the Zimbra open-source email platform
A threat actor, likely to be Chinese, targeted a zero-day vulnerability in the Zimbra open-source email platform. The zero-day exploitation is part of a…
Hackers using a new method to plant AsyncRAT malware
A malware campaign, since September 2021, has been using an advanced phishing attack to deliver the AsyncRAT trojan. “Through a simple email phishing tactic…
Chrome patch for zero-day Vulnerability
Google released a patch for 5 vulnerabilities found in Chrome. One of the vulnerabilities was being exploited in the wild, and it was altogether…
Payment data-stealing malware found in Nginx Process
New malware is targeting E-commerce platforms in U.S., Germany, and France. The malware attacks the Nginx servers to conceal its identity and go undetected…
HTML smuggling targets Banking industry
Microsoft reported HTML smuggling, which spread via email, had been extensively targeting banking organizations. Microsoft described the attack that surfaced in the early half…