Google has a multitude of open redirects that are frequently abused by threat actors. They are used to both deter initial URL scanning and obfuscate the final phishing URL. A recent example of this in the wild found by KnowBe4 showcased combining multiple redirects in a row. Google seemingly has no interest in fixing these issues according to their VRP. These redirects span different Google domains and products including Search, Meet and Ads (formerly DoubleClick).
For an indeterminate amount of time, the Trump Mobile API had at least two unprotected endpoints that could be exploited for either a) mass general info disclosure or b) targeted and enumerable info disclosure including plain text passwords; full PII including name, address, and email; and unique mobile device identifiers including IMEI and ICCID.
Through my daily work and from reading quite a few blog posts, I see researchers consistently and mistakenly conclude that a phishing kit is leveraging /cdn-cgi/phish-bypass to hinder web and security scanners. This stems from a misunderstanding of what the Cloudflare /cdn-cgi/ endpoint is and how it operates.
Python- and JavaScript-based malware has become increasingly popular within the last few years. Specifically, the DPRK’s Contagious Interview campaign has leveraged both languages using a variety of delivery methods.
I’ve recently been doing some research regarding Telegram for work. This eventually led me to their sister platform, Telegra.ph. Simply put, Telegraph is a closed-source, minimalist, Pastebin-like site that allows anyone to publish text-based content.
I was recently talking to a handful of online friends about UGC (user generated content) creation within the Unity ecosystem. One of them jokingly mentioned how someone they knew was “ratted” by downloading, for free, an asset that is usually behind a paywall. Ratted from a Unity package?
There has been a large increase in X account compromises over the past few months. As such, I wanted to compile a list of security policies and tips as well as common phishing tactics.
If you’ve done any reading or sleuthing regarding the movements of funds after hacks, you’ve probably encountered eXchCX before. Incidents including but not limited to…
This is one of two articles based on "prompted" investigations. Starting out with an initial question and/or piece of media, the investigation is still open ended.