Subscription Bombing: Email under Attack
Summary
Subscription bombing is a type of email attack where attackers flood a victim's inbox with unwanted subscription confirmations to hide malicious emails.