Tag: email
-
New Spear Phishing Attack Distributes VIP Keylogger Through Email Attachment
Threat actors have revived the sophisticated VIP keylogger malware, previously detailed in an earlier white paper for its use of spear-phishing and steganography to infiltrate systems and steal data from web browsers and user credentials. This iteration introduces an AutoIt-based injector to deploy the final payload, marking a shift from prior methods while maintaining core…
-
PyPI maintainers alert users to email verification phishing attack
PyPI warns of phishing emails from noreply@pypj[.]org posing as "[PyPI] Email verification"
-
Unveiling 0bj3ctivityStealer’s Execution Chain: New Capabilities and Exfiltration Techniques Exposed
In the ever-evolving infostealer landscape, 0bj3ctivityStealer emerges as a formidable threat, blending advanced obfuscation with targeted data exfiltration. Discovered earlier this year by HP Wolf Security researchers, this .NET-based malware has been observed in proactive threat hunting by the Trellix Advanced Research Center, revealing a novel phishing-driven campaign. The infection initiates through spearphishing emails themed…
-
PyPI Warns of Ongoing Phishing Campaign Using Fake Verification Emails and Lookalike Domain
The maintainers of the Python Package Index (PyPI) repository have issued a warning about an ongoing phishing attack that’s targeting users in an attempt to redirect them to fake PyPI sites. The attack involves sending email messages bearing the subject line “[PyPI] Email verification” that are sent from the email address noreply@pypj[.]org (note that the domain…
-
Sex toy maker Lovense caught leaking users’ email addresses and exposing accounts to takeovers
A security researcher went public after the sex toy maker asked for more than a year to fix the vulnerabilities, which leak users’ private email addresses and allow for accounts to be hijacked. First seen on techcrunch.com Jump to article: techcrunch.com/2025/07/29/sex-toy-maker-lovense-caught-leaking-users-email-addresses-and-exposing-accounts-to-takeovers/
-
PyPI Alerts Developers to New Phishing Attack Using Fake PyPI Site
Python developers are being warned about a sophisticated phishing campaign targeting users of the Python Package Index (PyPI) through fraudulent emails and a deceptive clone of the official repository website. While PyPI’s infrastructure remains secure, attackers are exploiting developer trust by impersonating the legitimate service to harvest user credentials. Attack Details and Methodology The phishing…
-
Lovense sex toy app flaw leaks private user email addresses
The connected sex toy platform Lovense is vulnerable to a zero-day flaw that allows an attacker to get access to a member’s email address simply by knowing their username, putting them at risk of doxxing and harassment. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lovense-sex-toy-app-flaw-leaks-private-user-email-addresses/
-
Post SMTP Plugin Flaw Allowed Subscribers to Take Over Admin Accounts
If you’re running a WordPress site and rely on the Post SMTP plugin for email delivery, there’s something… First seen on hackread.com Jump to article: hackread.com/post-smtp-plugin-flaw-subscribers-over-admin-accounts/
-
Critical WordPress Post SMTP plugin flaw exposes 200K+ sites to full takeover
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners…
-
NPM ‘is’ Package with 2.8M Weekly Downloads Exploited in Attack on Developers
The popular npm package ‘is’, which has about 2.8 million weekly downloads, has been taken over by threat actors in a sophisticated escalation of a phishing effort that was first disclosed last Friday. The attack began with emails spoofing npm’s support@npmjs.org address, directing developers to a typosquatted domain, npnjs.com, a near-identical proxy of the legitimate…
-
Email Security Is Stuck in the Antivirus Era: Why It Needs a Modern Approach
Picture this: you’ve hardened every laptop in your fleet with real-time telemetry, rapid isolation, and automated rollback. But the corporate mailbox, the front door for most attackers, is still guarded by what is effectively a 1990s-era filter. This isn’t a balanced approach. Email remains a primary vector for breaches, yet we often treat it as a…
-
400,000 WordPress Websites Exposed by Post SMTP Plugin Vulnerability
A critical security vulnerability has been discovered in the popular Post SMTP plugin for WordPress, potentially exposing over 400,000 websites to account takeover attacks. The vulnerability, tracked as CVE-2025-24000, affects versions 3.2.0 and below of the plugin, allowing even low-privileged users to access sensitive email data and ultimately gain administrative control of affected websites as…
-
Secure Email Gateways Alone Are Not Yet Sufficient Protection Against Phishing
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/secure-email-gateways-unzureichend-schutz-phishing
-
Security Affairs newsletter Round 534 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Law enforcement operations seized BlackSuit ransomware gang’s darknet sites Arizona woman sentenced for aiding North Korea…
-
Political parties hold vast amounts of data about Australians. Experts say it’s a growing risk
Ransomware attack puts focus on privacy risks for political parties, which are exempt from many data protection obligations. More than two years before the data breach of Clive Palmer’s Trumpet of Patriots and United…
-
Political parties hold vast amounts of data about Australians. Experts say it’s a growing risk
Ransomware attack puts focus on privacy risks for political parties, which are exempt from many data protection obligations. More than two years before the data breach of Clive Palmer’s Trumpet of Patriots and United Australia parties, the federal government was warned that there…
-
Trumpet of Patriots hack: calls for political parties to be forced to report data breaches
Ransomware attack puts focus on privacy risks for political parties, which are exempt from many data protection obligations. More than two years before the data breach of Clive Palmer’s Trumpet of Patriots and United Australia parties, the federal government was warned that there…
-
Hackers Exploit Google Forms to Trick Victims into Stealing Cryptocurrency
Cybercriminals are increasingly using Google Forms to plan cryptocurrency theft in a sophisticated evolution of phishing assaults, taking advantage of the platform’s built-in credibility and smooth integration with Google’s ecosystem. This tactic allows malicious actors to bypass traditional email security filters, delivering deceptive messages directly to victims’ inboxes. By masquerading as legitimate notifications from cryptocurrency…
-
Phishing Attacks Can Also Bypass Secure Email Gateways
Where companies rely on mature protective measures such as Secure Email Gateways (SEGs), attackers deliberately exploit their weaknesses. Attack methods are becoming ever more sophisticated and dynamic, which is why now is the time to think about new defense strategies. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/phishing-angriffe-koennen-auch-secure-email-gateways-umgehen/a41505/
-
Supply chain attack compromises npm packages to spread backdoor malware
Tags: attack, authentication, backdoor, control, cybercrime, cybersecurity, data, defense, email, linux, macOS, malicious, malware, mfa, phishing, software, supply-chain, threat, tool, update, vulnerability, windows
is npm JavaScript type testing utility with malware that went unnoticed for six hours. The bad news was delivered by maintainer Jordan Harband in a post on Bluesky: “Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked,” he wrote. The infected version was removed by npm admins and v3.3.0…
-
Malicious LNK File Posing as Credit Card Security Email Steals User Data
Tags: authentication, credit-card, cyber, data, email, exploit, finance, malicious, powershell, threat
Threat actors have deployed a malicious LNK file masquerading as a credit card company’s security email authentication pop-up to pilfer sensitive user information. The file, named "card_detail_20250610.html.lnk",…
-
UK blames Russia’s infamous ‘Fancy Bear’ group for Microsoft cloud hacks
Authentic Antics malware tool to target Microsoft cloud accounts were the handiwork of the notorious Russian Fancy Bear hacking group, the UK’s National Cyber Security Centre (NCSC) has said. Authentic Antics was discovered after a cyberattack in 2023 which prompted an NCSC technical teardown of the malware that it published in May this year. The agency…
-
DeerStealer Malware Spread Through Weaponized .LNK and LOLBin Tools
A new wave of cyber-attacks has emerged, exploiting Windows shortcut files (.LNK) combined with legitimate system utilities collectively known as Living-off-the-Land Binaries and Scripts (LOLBin/S) to deliver the DeerStealer infostealer through highly obfuscated multi-stage chains. Recent campaigns begin with phishing emails or fraudulent file shares containing weaponized .LNK files camouflaged as seemingly benign documents, often…
-
Threat Actors Compromise Popular npm Packages to Steal Maintainers’ Tokens
Threat actors have leveraged a phishing campaign targeting npm package maintainers, resulting in the compromise of widely used JavaScript tooling libraries. The campaign, first reported on July 18, 2025, utilizes a typosquatted domain, npnjs.com, to mimic legitimate npm communications and trick developers into surrendering their authentication tokens. This multi-stage operation begins with automated emails scraped…
-
Beware of npm Phishing Emails Targeting Developer Credentials
A developer recently came across a highly advanced phishing email that spoofs the support@npmjs.org address in order to impersonate npm, the Node.js package registry. The email directed recipients to a malicious link on npnjs.com, a domain cleverly typosquatted to mimic npmjs.com by swapping ‘m’ for ‘n’. This fake site hosted a complete clone or proxy…
-
Snake Keylogger Uses Persistence via Scheduled Tasks to Steal Login Data Undetected
Researchers have uncovered a sophisticated phishing campaign zeroing in on Turkish enterprises, with a particular focus on the defense and aerospace industries. Threat actors are masquerading as Turkish Aerospace Industries (TUSAŞ), a key defense contractor, to disseminate malicious emails that mimic legitimate contractual documents. These emails carry a variant of the Snake Keylogger, an infamous…
-
Security Affairs newsletter Round 533 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release Authorities released free decryptor for Phobos and…

