CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

May 14, 2025

A new global phishing threat called “Meta Mirage” has been uncovered, targeting businesses using Meta’s Business Suite. This campaign specifically aims at hijacking high-value accounts, including those managing advertising and official brand pages.
Cybersecurity researchers at CTM360 revealed that attackers behind Meta Mirage impersonate official Meta communications, tricking users into handing

Source: Read More

Previous ArticleXinbi Telegram Market Tied to $8.4B in Crypto Crime, Romance Scams, North Korea Laundering

Next Article Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns

Highlights

CVE-2025-49137 – HAX CMS Cross-Site Scripting (XSS)

June 9, 2025

CVE ID : CVE-2025-49137

Published : June 9, 2025, 9:15 p.m. | 2 hours, 44 minutes ago

Description : HAX CMS PHP allows users to manage their microsite universe with a PHP backend. Prior to version 11.0.0, the application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The ‘saveNode’ and ‘saveManifest’ endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although the application does not allow users to supply a `script` tag, it does allow the use of other HTML tags to run JavaScript. Version 11.0.0 fixes the issue.

Severity: 8.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

I’ve tested every Samsung Galaxy phone in 2025 – here’s the model I’d recommend on sale

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Claude can teach you how to code now, and more – how to try it

One of the best work laptops I’ve tested has MacBook written all over it (but it’s even better)

Controlling Execution Flow with Laravel’s Sleep Helper

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

This Week in Laravel: Filament 4, Laravel Boost, and Junie Review

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

FOSS Weekly #25.33: Debian 13 Released, Torvalds vs RISC-V, Arch’s New Tool, GNOME Perfection and More Linux Stuff

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

Researchers from AWS and Intuit Propose a Zero Trust Security Framework to Protect the Model Context Protocol (MCP) from Tool Poisoning and Unauthorized Access

CVE-2025-4977 – Netgear DGND3700 Cross-Site Scripting Vulnerability

CVE-2025-46203 – Apache Unifiedtransform Privilege Escalation Vulnerability

CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

CVE-2025-49137 – HAX CMS Cross-Site Scripting (XSS)

Newest LF Decentralized Trust Lab HOPrS identifies if photos have been altered

Finally, I found an Android Auto adapter that’s highly functional, lag-free, and priced well

Windows 11 will allow users to improve the dictation of the voice access

CTM360 Identifies Surge in Phishing Attacks Targeting Meta Business Users

Related Posts