InfoSecBulletin Cybersecurity for mankind
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% of those are spam.
QR code phishing, or “quishing,” is a growing threat that mimics real websites to steal personal and payment information. For instance, fraudsters have been seen placing QR stickers on parking meters to trick people into entering their payment details into fake parking apps.
Hackers Exploits RCE flaw in Cisco Small Business Router
CISA Alerts For Active Exploited Zimbra and Microsoft flaw
200 Fake GitHub Repos Attacking Developers to Deliver Malware
Renew Dubai visa within minutes with AI-powered Salama
CVE-2024-20953
CISA Flags Oracle Agile PLM Actively Exploited Security Flaw
Stablecoin Bank Hacked – Hackers Stolen $49.5M
CVE-2025-20029
PoC Exploit Released for F5 BIG-IP Command Injection Vuln
By 1 April 2025
Australia Bans Kaspersky on its govt systems and devices
CISA Flags Craft CMS Code Injection Flaw Amid Active Attacks
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Talos issued a warning about malicious QR code emails that send fake multi-factor authentication requests to steal user credentials.
QR codes in emails account for only 0.1% to 0.2% of all emails, yet Talos discovered they often bypass anti-spam filters, allowing users to see them in their inboxes more frequently than anticipated.
Malicious URLs can be ‘defanged’ by altering the protocol from ‘http’ to ‘hxxp’ or by placing brackets around a dot in the URL. This prevents browsers from activating the link and helps users avoid accidentally clicking it. This issue is less prevalent with QR codes.
