-
Google's mysterious 'search.app' links leave Android users concerned
The most recent update to the Google Android app has startled users as they notice the mysterious "search.app" links being generated when sharing content and links from the Google app externally.
- November 08, 2024
- 07:56 AM
6
-
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites.
- June 25, 2024
- 02:10 PM
1
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
Here's why Twitter sends you to a different site than what you clicked
Users of the social media platform X (Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed. A Twitter ad spotted below by a security researcher shows forbes.com as its destination but instead takes you to a Telegram account.
- March 20, 2024
- 04:47 AM
- 1
-
VexTrio TDS: Inside a massive 70,000-domain cybercrime operation
A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites.
- January 24, 2024
- 02:46 PM
- 0
-
Malicious web redirect scripts stealth up to hide on hacked sites
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms.
- January 22, 2024
- 03:15 PM
- 0
-
New Balada Injector campaign infects 6,700 WordPress sites
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign.
- January 11, 2024
- 12:44 PM
- 0
-
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
- October 11, 2023
- 09:00 AM
- 0
-
Over 17,000 WordPress sites hacked in Balada Injector attacks last month
Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins.
- October 09, 2023
- 03:23 PM
- 1
-
Free Download Manager site redirected Linux users to malware for years
A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.
- September 12, 2023
- 11:25 AM
- 5
-
Threat actors abuse Google AMP for evasive phishing attacks
Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures and get to inboxes of enterprise employees.
- August 01, 2023
- 01:43 PM
- 0
-
15,000 sites hacked for massive Google SEO poisoning campaign
Hackers are conducting a massive black hat search engine optimization (SEO) campaign by compromising almost 15,000 websites to redirect visitors to fake Q&A discussion forums.
- November 09, 2022
- 01:08 PM
- 0
-
Microsoft, Google OAuth flaws can be abused in phishing attacks
Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations.
- December 09, 2021
- 11:21 AM
- 0
-
WordPress plugin bug impacts 1M sites, allows malicious redirects
The OptinMonster plugin is affected by a high-severity flaw that allows unauthorized API access and sensitive information disclosure on roughly a million WordPress sites.
- October 28, 2021
- 10:50 AM
- 0
-
Prometheus TDS: The $250 service behind recent malware attacks
Security researchers investigating multiple malware distribution campaigns found that an underground traffic distribution service called Prometheus is responsible for delivering threats that often lead to ransomware attacks.
- August 05, 2021
- 09:57 AM
- 0
-
Google Alerts continues to be a hotbed of scams and malware
Google Alerts continues to be a hotbed of scams and malware that threat actors are increasingly abusing to promote malicious websites.
- April 19, 2021
- 05:07 PM
- 0
-
What are these suspicious Google GVT1.com URLs?
These Google-owned domains have confused even the most skilled researchers and security products time and time again if these are malicious. The domains in question are redirector.gvt1.com and gvt1/gvt2 subdomains that have spun many threads on the internet. BleepingComputer has dug deeper into the origin of these domains.
- February 28, 2021
- 11:52 AM
- 2
-
Drug spammers start using new technique to bypass spam filters
Actors behind a pill scam campaign are trying a new technique, betting on unconventional representation of URLs in spam messages to keep them undetected by email protection systems and URL block lists.
- September 17, 2020
- 09:24 AM
- 0
-
CoinMiner exploits Apple APSDaemon vulnerability to evade detection
Malware distributors are abusing a DLL hijacking vulnerability in Apple's Push Notification service Windows executable to install coin miners on users attempting to download copyrighted software.
- June 16, 2020
- 11:04 AM
- 0
-
Thousands of WordPress Sites Hacked to Fuel Scam Campaign
Over 2,000 Wordpress sites have been hacked to fuel a campaign to redirect visitors to scam sites containing unwanted browser notification subscriptions, fake surveys, giveaways, and fake Adobe Flash downloads.
- January 22, 2020
- 04:42 PM
- 1
