Spam
Fake VS Code alerts on GitHub spread malware to developers
A large-scale campaign is targeting developers on GitHub with fake Visual Studio Code (VS Code) security alerts posted in the Discussions section of various projects, to trick users into downloading malware. The spammy posts are crafted as vulnerability advisories and use realistic titles like “Severe Vulnerability – Immediate Update Required,” often including fake CVE IDs and […]
Zendesk spam wave returns, floods users with ‘Activate account’ emails
A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies’ unsecured Zendesk support systems. Some recipients say they are receiving hundreds of messages with strange or alarming subject lines. Users flooded with bogus ‘Activate account’ emails Since yesterday, numerous social […]
Zendesk ticket systems hijacked in massive global spam wave
People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails. While the messages do not appear to contain […]
Microsoft cancels plans to rate limit Exchange Online bulk emails
Microsoft announced today that it has canceled plans to impose a daily limit of 2,000 external recipients on Exchange Online bulk email senders. The change was announced in April 2024, when Microsoft said that it would add new External Recipient Rate (ERR) limits starting January 2025 to fight spam, with plans to begin enforcing the limit on […]
Microsoft: Anti-spam bug blocks links in Exchange Online, Teams
Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. In a service alert seen by GeekFeed, the company stated that the issue is caused by the anti-spam engine incorrectly tagging URLs contained within other URLs […]
Ransomware gangs pose as IT support in Microsoft Teams phishing attacks
Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. The threat actors are sending thousands of spam messages over a short period and then call the target from an adversary-controlled Office […]
Google Chrome uses AI to analyze pages in new scam detection feature
Google is using artificial intelligence to power a new Chrome scam protection feature that analyzes brands and the intent of pages as you browse the web. As spotted by Leo on X, a new flag in Chrome Canary enables a feature called “Client Side Detection Brand and Intent for Scam Detection” that uses an LLM, or Large Language […]
Ongoing phishing attack abuses Google Calendar to bypass spam filters
An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. According to Check Point, which has been monitoring the phishing attack, the threat actors have targeted 300 brands with over 4,000 emails sent in four weeks. Check Point told GeekFeed that the attacks targeted a broad […]
Amazon and Audible flooded with ‘forex trading’ and warez listings
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious “forex trading” sites, Telegram channels, and suspicious links claiming to offer pirated software. Amazon listings promote illicit sites Yesterday, GeekFeed reported how threat actors were abusing Spotify playlists and podcasts to promote pirated software and game cheats. The […]
Spotify abused to promote pirated software and game cheats
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and “warez” sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online properties, since Spotify’s web player results appear in search engines like Google. Spotify playlists pushing warez […]