Security News

New HTML Smuggling Campaign Delivers DCRat Malware to Russian-Speaking Users
2024-09-27 09:00

Russian-speaking users have been targeted as part of a new campaign distributing a commodity trojan called DCRat (aka DarkCrystal RAT) by means of a technique known as HTML smuggling. The...

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI
2024-05-27 09:02

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail,...

Security Vulnerability of HTML Emails
2024-04-08 11:03

The email your manager received and forwarded to you was something completely innocent, such as a potential customer asking a few questions. The innocent pretext disappeared and the real phishing email became visible.

N. Korea-linked Kimsuky Shifts to Compiled HTML Help Files in Ongoing Cyberattacks
2024-03-24 05:38

The North Korea-linked threat actor known as Kimsuky (aka Black Banshee, Emerald Sleet, or Springtail) has been observed shifting its tactics, leveraging Compiled HTML Help (CHM) files as vectors...

Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites
2024-03-18 12:35

Cybersecurity researchers have discovered a new malware campaign that leverages bogus Google Sites pages and HTML smuggling to distribute a commercial malware called AZORult in order to facilitate...

Counter-Strike 2 HTML injection bug exposes players’ IP addresses
2023-12-11 20:05

Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe Cross Site Scripting flaw, which allows JavaScript code to be executed in a client, the bug was determined only to be an HTML injection flaw, allowing the injection of images.

Google is retiring its Gmail Basic HTML view in January 2024
2023-09-25 16:08

Google is notifying Gmail users that the webmail's Basic HTML view will be deprecated in January 2024, and users will require modern browsers to continue using the service. The basic HTML view is a stripped-down version of Gmail that does not offer users chat, spell checking, keyboard shortcuts, adding or importing contacts, setting custom "From" addresses, or using rich text formatting.

Chinese Hackers Use HTML Smuggling to Infiltrate European Ministries with PlugX
2023-07-03 13:25

A Chinese nation-state group has been observed targeting Foreign Affairs ministries and embassies in Europe using HTML smuggling techniques to deliver the PlugX remote access trojan on compromised systems. "The campaign uses new delivery methods to deploy a new variant of PlugX, an implant commonly associated with a wide variety of Chinese threat actors," Check Point said.

HTML attachments found to be the most malicious type of file
2022-07-07 15:32

Dll attachments as the main focus when cyberattacks arise, but there may be another type of highly used malicious file to be aware of. According to findings from IT security company Barracuda Networks, HTML attachments are being employed by adversaries the most when it comes to cyberattacks and 21% of all HTML attachments scanned by the company were found to be malicious.

HTML attachments remain popular among phishing actors in 2022
2022-05-16 22:32

HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves. The phishing forms, redirection mechanisms, and data-stealing elements in HTML attachments are typically implemented using various methods, ranging from simple redirects to obfuscating JavaScript to hide phishing forms.