I've seen TWO of these messages from different Gmail addresses this week so far. Has anyone else seen these? Domain changed to protect the potentially embarrassed.
Anthony -------- Forwarded Message -------- Subject: Reporting a Security Vulnerability Date: Thu, 23 Oct 2025 13:27:58 -0700 From: [email protected] To: [email protected] Dear Support/Security Team,I hope this email finds you well. My name is Mohamed Ibrahim, and I am a security researcher/bug bounty hunter with experience in identifying and responsibly disclosing security vulnerabilities. While testing some technology, I have identified a security vulnerability within your domain EXAMPLE.COM <http://EXAMPLE.COM> . To ensure responsible disclosure, I would like to report this vulnerability to your team. Could you please provide guidance on your preferred process for submitting security reports? For example, do you have a dedicated bug bounty program, a security contact email, or a vulnerability disclosure policy?I am happy to provide further details about the issue upon your confirmation of the appropriate reporting channel. My goal is to assist in securing your systems while adhering to best practices for responsible disclosure.
Best regards, Mohamed Ibrahim,, -- Anthony C Howe [email protected] BarricadeMX & Milters http://nanozen.snert.com/ https://github.com/SirWumpus
OpenPGP_signature.asc
Description: OpenPGP digital signature
_______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
