Spam campaign abuses flaw tricking thousands with shortened .gov URLs

A vulnerable component in a content management system has enabled savvy cybercriminals behind a spam campaign to spoof .gov site URLs by abusing a short link designed to validate the authenticity of redirects to U.S. government websites.