Tag: spoofing

6 Attack Reports | 0 Vulnerabilities

Attack reports

Microsoft 365 Direct Send Abuse: Phishing Risks & Security Recommendations

Threat actors are actively exploiting Microsoft 365's Direct Send feature to deliver phishing emails, bypassing perimeter security solutions by routing malicious messages through trusted infrastructure. This technique requires no credentials, only knowledge of the target domain and valid recipient …
phishing
credential theft
spoofing
microsoft 365
business email compromise
email security
2025-08-18
direct send
Published: August 18, 2025
Downloadable IOCs: 27

SharePoint Vulnerabilities (CVE-2025-53770 & CVE-2025-53771): Everything You Need to Know

Two critical zero-day vulnerabilities, CVE-2025-53770 and CVE-2025-53771, are actively exploited in on-premises Microsoft SharePoint servers. These flaws enable unauthenticated remote code execution through an exploit chain dubbed ToolShell. CVE-2025-53770 is a critical RCE vulnerability caused by …
zero-day
spoofing
sharepoint
rce
authentication bypass
patch
CVE-2025-53770
CVE-2025-53771
2025-07-21
toolshell
deserialization
on-premises
Published: July 21, 2025
Linked vulnerabilities : CVE-2025-23266 (CVSS 9.0), CVE-2025-53770 (CVSS 9.8), CVE-2025-53771 (CVSS 7.1), CVE-2025-49704, CVE-2025-49706
Downloadable IOCs: 3

APT36-Style ClickFix Attack Spoofs Indian Ministry to Target Windows & Linux

A recent campaign attributed to APT36 has been observed spoofing India's Ministry of Defence to deliver cross-platform malware. The attackers used a ClickFix-style infection chain, mimicking government press releases and leveraging a compromised .in domain for payload staging. The campaign targeted…
obfuscation
social engineering
cross-platform
spoofing
clickfix
mshta
2025-05-06
ministry of defence
clipboard-based execution
Published: May 6, 2025
Downloadable IOCs: 7

CVE-2025-24054, NTLM Exploit in the Wild

A critical vulnerability, CVE-2025-24054, related to NTLM hash disclosure via spoofing, has been actively exploited since March 19, 2025. The flaw allows attackers to leak NTLM hashes or user passwords using a maliciously crafted .library-ms file, potentially compromising systems. A campaign target…
malspam
spoofing
ntlm
CVE-2025-24054
2025-04-16
Published: April 16, 2025
Downloadable IOCs: 1

A Website Attacked

This report investigates a watering hole attack on a U.S. apartment website that delivered malware by spoofing a fake browser update. The investigation uncovered dozens of other compromised websites from various industries like healthcare, retail, and consumer sites. The compromised sites loaded ma…
malware
netsupport
spoofing
watering hole
2024-10-16
browser updates
compromised websites
Published: October 16, 2024
Downloadable IOCs: 72

FIN7: Silent Push unearths 4000+ phishing and shell domains

Silent Push threat analysts have uncovered an extensive series of campaigns linked to the FIN7 cybercrime group, including several hundred active phishing, spoofing, shell and malware delivery domains and IPs targeting various organizations. The campaigns utilize over 4000 domains and subdomains, w…
phishing
eugenloader
2024-07-11
carbanak
spoofing
anunak
gracewire
Published: July 11, 2024
Downloadable IOCs: 94
Click here to see more Attack Reports