Tag

Impersonation

2 briefs RSS

Monitor Email for Brand Abuse via Domain Permutations

This analytic identifies emails claiming to originate from domains similar to those being monitored for abuse by cross-referencing sender addresses with a lookup table of domain permutations, indicating potential phishing or brand impersonation.

Splunk Enterprise +2 brand-abuse email phishing impersonation

2r 1t 3w ago

critical advisory

Rancher Fleet Helm Impersonation Bypass Vulnerability

2 rules 1 TTP

Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored repository to read secrets from any namespace on every downstream cluster targeted by their `GitRepo`.

Fleet +5 rancher helm kubernetes impersonation privilege-escalation cve-2026-41050

2r 1t May 7, 2026