InfoSecBulletin Cybersecurity for mankind
Generally scanning a malicious QR code from an unknown source can be harmful. Cisco Talos research shows that many people underestimate potential threats. Anti-spam filters can’t detect QR codes in images, allowing many spam emails to go unnoticed. While only 1 in 500 emails contains a QR code, around 60% of those are spam.
QR code phishing, or “quishing,” is a growing threat that mimics real websites to steal personal and payment information. For instance, fraudsters have been seen placing QR stickers on parking meters to trick people into entering their payment details into fake parking apps.
Researcher found non protected database form ESHYFT containig 86000 records
CVE-2024-55591 and CVE-2025-24472
New SuperBlack ransomware exploits Fortinet flaws
CVE-2025-25291 & CVE-2025-25292
Attention! GitLab Patched Critical Authentication Bypass Flaws
CVE-2025-20138
Cisco released High Security Alert for IOS XR Software
400+ IPs Exploiting Multiple SSRF Vulnerabilities
NVIDIA has released update for NVIDIA Riva
CVE-2025-24201
Apple fixes 0-day exploited in “extremely sophisticated attack”
Microsoft’s March 2025 updates fix 7 zero-day, 57 flaws
Ballista Botnet infects 6000 Unpatched TP-Link Routers
CVE-2025-24813
Flaw in Apache Tomcat Exposes Servers to RCE
Talos issued a warning about malicious QR code emails that send fake multi-factor authentication requests to steal user credentials.
QR codes in emails account for only 0.1% to 0.2% of all emails, yet Talos discovered they often bypass anti-spam filters, allowing users to see them in their inboxes more frequently than anticipated.
Malicious URLs can be ‘defanged’ by altering the protocol from ‘http’ to ‘hxxp’ or by placing brackets around a dot in the URL. This prevents browsers from activating the link and helps users avoid accidentally clicking it. This issue is less prevalent with QR codes.
