Tag: email

Cisco Warns of Active Cyberattack Exploiting Critical AsyncOS Vulnerability

Dec 18, 2025 10:19 AM

Tags: attack, cisco, cyberattack, email, exploit, threat, vulnerability

Cisco has identified an ongoing cyberattack campaign exploiting vulnerabilities in a subset of its appliances running Cisco AsyncOS Software. The attack specifically affects Cisco Secure Email Gateway and Cisco Secure Email and Web Manager appliances, allowing threat actors to execute arbitrary commands with root privileges. This campaign has been tracked under CVE-2025-20393 and has been classified as critical with a CVSS 10.0 rating. First seen on thecyberexpress.com…
Cisco AsyncOS 0-Day Allows Remote Execution of System Commands

Dec 18, 2025 9:19 AM

Tags: backdoor, cisco, cyber, email, exploit, flaw, software, threat, vulnerability, zero-day

Cisco Talos has uncovered an active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The security flaw enables attackers to execute system-level commands remotely and deploy sophisticated backdoors on compromised systems. The threat actor behind this campaign, tracked as UAT-9686, is assessed…
Cisco AsyncOS 0-Day Allows Remote Execution of System Commands

Dec 18, 2025 9:19 AM

Tags: backdoor, cisco, cyber, email, exploit, flaw, software, threat, vulnerability, zero-day

Cisco Talos has uncovered an active campaign exploiting a zero-day vulnerability in Cisco AsyncOS Software, affecting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager. The security flaw enables attackers to execute system-level commands remotely and deploy sophisticated backdoors on compromised systems. The threat actor behind this campaign, tracked as UAT-9686, is assessed…
Cisco Warns of Active Attacks Exploiting Unpatched 0-Day in AsyncOS Email Security Appliances

Dec 18, 2025 6:19 AM

Tags: attack, china, cisco, email, exploit, flaw, software, threat, zero-day

Cisco has alerted users of a maximum-severity zero-day flaw in Cisco AsyncOS software that has been actively exploited by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686 in attacks targeting Cisco Secure Email Gateway and Cisco Secure Email and Web Manager.The networking equipment major said it became aware of the intrusion campaign on December…
Millions impacted by PornHub, SoundCloud data breaches

Dec 18, 2025 5:20 AM

Tags: breach, data, email, service

PornHub sent emails out to many users and published a statement warning that it was affected by a recent breach of data analytics service provider Mixpanel. First seen on therecord.media Jump to article: therecord.media/millions-impacted-pornhub-soundcloud-breaches
Millions impacted by PornHub, SoundCloud data breaches

Dec 18, 2025 5:20 AM

Tags: breach, data, email, service

PornHub sent emails out to many users and published a statement warning that it was affected by a recent breach of data analytics service provider Mixpanel. First seen on therecord.media Jump to article: therecord.media/millions-impacted-pornhub-soundcloud-breaches
Cisco email security appliances rooted and backdoored via still unpatched zero-day

Dec 17, 2025 9:19 PM

Tags: backdoor, china, cisco, email, group, threat, tool, zero-day

A suspected Chinese-nexus threat group has been compromising Cisco email security devices and planting backdoors and log-purging tools on them since at least late November … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/12/17/cisco-secure-email-cve-2025-20393/
Cisco warns of unpatched AsyncOS zero-day exploited in attacks

Dec 17, 2025 8:19 PM

Tags: attack, cisco, email, exploit, zero-day

Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-warns-of-unpatched-asyncos-zero-day-exploited-in-attacks/
UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Dec 17, 2025 6:19 PM

Tags: cisco, email, software

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA). First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/uat-9686/
New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

Dec 17, 2025 5:19 PM

Tags: attack, cyberattack, cybersecurity, email, phishing, russia, threat

The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky.The Russian cybersecurity vendor said it detected the new activity in October 2025. The origins of the threat actor are presently unknown.”While the spring cyberattacks focused on organizations, the fall campaign honed…
The 12 Months of Innovation: How Salt Security Helped Rewrite API AI Security in 2025

Dec 17, 2025 3:19 PM

Tags: access, ai, api, attack, automation, breach, business, ciso, cloud, compliance, control, crowdstrike, cyber, data, data-breach, defense, detection, email, exploit, github, governance, injection, insurance, intelligence, privacy, risk, risk-management, software, strategy, supply-chain, threat, tool, waf

As holiday lights go up and inboxes fill with year-in-review emails, it’s tempting to look back on 2025 as “the year of AI.” But for security teams, it was something more specific the year APIs, AI agents, and MCP servers collided across the API fabric, expanding the attack surface faster than most organizations could keep…
France investigates Interior Ministry email breach and access to confidential files

Dec 17, 2025 2:19 PM

Tags: access, breach, cybercrime, email

France’s Interior Ministry said it is investigating the “reality and scope” of a post on a cybercrime forum by a user claiming to have hacked the institution. First seen on therecord.media Jump to article: therecord.media/france-interior-ministry-email-breach-investigation
IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses

Dec 17, 2025 1:19 PM

Tags: email

Originally published at IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses by EasyDMARC. When your emails suddenly stop reaching inboxes, one … First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ip-blacklist-check-how-to-recover-and-prevent-blacklisted-ip-addresses/
IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses

Dec 17, 2025 1:19 PM

Tags: email

Originally published at IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses by EasyDMARC. When your emails suddenly stop reaching inboxes, one … First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ip-blacklist-check-how-to-recover-and-prevent-blacklisted-ip-addresses/
IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses

Dec 17, 2025 1:19 PM

Tags: email

Originally published at IP Blacklist Check: How to Recover and Prevent Blacklisted IP Addresses by EasyDMARC. When your emails suddenly stop reaching inboxes, one … First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/ip-blacklist-check-how-to-recover-and-prevent-blacklisted-ip-addresses/
BlindEagle Targets Colombian Government Agency with Caminho and DCRAT

Dec 17, 2025 10:19 AM

Tags: access, attack, authentication, cloud, communications, control, cybercrime, defense, detection, dkim, dmarc, dns, email, encryption, flaw, government, group, infrastructure, injection, Internet, malicious, malware, microsoft, open-source, phishing, powershell, rat, service, spear-phishing, startup, tactics, threat, tool, update, usa, windows

IntroductionIn early September 2025, Zscaler ThreatLabz discovered a new spear phishing campaign attributed to BlindEagle, a threat actor who operates in South America and targets users in Spanish-speaking countries, such as Colombia. In this campaign, BlindEagle targeted a government agency under the control of the Ministry of Commerce, Industry and Tourism (MCIT) in Colombia using…
CASB buyer’s guide: What to know about cloud access security brokers before you buy

Dec 17, 2025 9:19 AM

Tags: access, ai, antivirus, api, authentication, business, chatgpt, cisco, cloud, compliance, control, corporate, data, detection, email, encryption, endpoint, firewall, framework, gartner, google, guide, identity, india, infection, infrastructure, intelligence, Internet, leak, login, malicious, malware, marketplace, microsoft, mobile, monitoring, network, office, phone, privacy, programming, ransomware, regulation, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vpn, zero-day, zero-trust

cloud access security broker (CASB) enterprise buyer’s guide today! ] In this buyer’s guide: Cloud access security brokers (CASBs) explainedWhy enterprises need cloud access security brokers (CASBs)What to look for in a cloud access security broker (CASB) toolCore cloud access security broker (CASB) servicesLeading cloud access security broker (CASB) vendorsWhat to ask before cloud access…
CASB buyer’s guide: What to know about cloud access security brokers before you buy

Dec 17, 2025 9:19 AM

Tags: access, ai, antivirus, api, authentication, business, chatgpt, cisco, cloud, compliance, control, corporate, data, detection, email, encryption, endpoint, firewall, framework, gartner, google, guide, identity, india, infection, infrastructure, intelligence, Internet, leak, login, malicious, malware, marketplace, microsoft, mobile, monitoring, network, office, phone, privacy, programming, ransomware, regulation, risk, risk-assessment, saas, service, software, strategy, technology, threat, tool, unauthorized, vpn, zero-day, zero-trust

cloud access security broker (CASB) enterprise buyer’s guide today! ] In this buyer’s guide: Cloud access security brokers (CASBs) explainedWhy enterprises need cloud access security brokers (CASBs)What to look for in a cloud access security broker (CASB) toolCore cloud access security broker (CASB) servicesLeading cloud access security broker (CASB) vendorsWhat to ask before cloud access…
Blind Eagle Hackers Exploit Trust to Bypass Email Security Controls

Dec 17, 2025 9:19 AM

Tags: attack, control, cyber, cybersecurity, email, exploit, government, group, hacker, malware, phishing, spear-phishing, threat

BlindEagle threat actors are exploiting compromised internal email accounts to launch spear-phishing campaigns that bypass traditional email security controls, targeting Colombian government agencies with sophisticated multi-stage malware attacks, according to Zscaler ThreatLabz research. The cybersecurity firm discovered the campaign in early September 2025, revealing that the South American threat group targeted a government agency under…
SoundCloud Hit by Cyberattack, Breach Affects 20% of its Users

Dec 17, 2025 12:19 AM

Tags: attack, breach, cyberattack, dos, email

SoundCloud confirms a breach affecting an estimated 20% of users, resulting in stolen email addresses. The company is dealing with follow-up DoS attacks by unnamed attackers while media reports allege involvement of ShinyHunters. First seen on hackread.com Jump to article: hackread.com/soundcloud-cyberattack-data-breach/
Hacking group says it’s extorting Pornhub after stealing users’ viewing data

Dec 16, 2025 5:19 PM

Tags: data, email, group, hacking

The Scattered Lapsus$ Hunters hacking collective stole Pornhub premium users’ data, including email addresses and viewing history. First seen on techcrunch.com Jump to article: techcrunch.com/2025/12/16/hacking-group-says-its-extorting-pornhub-after-stealing-users-viewing-data/
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
How to create a ransomware playbook that works

Dec 16, 2025 9:19 AM

Tags: access, antivirus, attack, authentication, awareness, backup, best-practice, breach, business, communications, corporate, credentials, cyber, cybersecurity, data, defense, detection, edr, email, encryption, exploit, finance, firewall, flaw, identity, incident response, infrastructure, insurance, law, least-privilege, malicious, malware, mfa, mobile, phishing, ransom, ransomware, risk, skills, social-engineering, software, strategy, technology, threat, tool, training, update, vulnerability

Staffing, skills, and training: Many organizations continue to find that cybersecurity experts are in short supply, so staffing up teams is a challenge. That can be problematic for a ransomware strategy. Companies need to have a variety of skills in place, including expertise in incident detection and prevention, incident response, firewall configuration, and other areas.They…
French Interior Minister says hackers breached its email servers

Dec 16, 2025 8:19 AM

Tags: attack, cyberattack, email, hacker, threat

The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers…
French Interior Minister says hackers breached its email servers

Dec 16, 2025 8:19 AM

Tags: attack, cyberattack, email, hacker, threat

The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat actors compromised email servers at the Ministry of the Interior. The attack was detected overnight between December 11 and 12, and according to the French interior minister, attackers…
BEC: Explaining Business Email Compromise

Dec 15, 2025 11:19 PM

Tags: attack, business, dkim, dmarc, email, scam

Learn what Business Email Compromise (BEC) is, how to spot common scams, respond to attacks, and use SPF, DKIM, and DMARC to prevent future fraud. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/12/bec-explaining-business-email-compromise/
2025’s Top Phishing Trends and What They Mean for Your Security Strategy

Dec 15, 2025 5:19 PM

Tags: attack, email, identity, mfa, phishing, strategy

Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines key phishing trends and what security teams must know as identity-based attacks continue to evolve in 2026. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/2025s-top-phishing-trends-and-what-they-mean-for-your-security-strategy/
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

Dec 15, 2025 3:19 PM

Tags: cybersecurity, data, email, leak, linkedin, scam

Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII. First seen on hackread.com Jump to article: hackread.com/mongodb-database-expose-lead-gen-records/
16TB of MongoDB Database Exposes 4.3 Billion Lead Gen Records

Dec 15, 2025 3:19 PM

Tags: cybersecurity, data, email, leak, linkedin, scam

Cybersecurity researchers discovered an unsecured 16TB database exposing 4.3 billion professional records, including names, emails, and LinkedIn data. Learn what happened, why this massive data leak enables new scams, and how to protect your PII. First seen on hackread.com Jump to article: hackread.com/mongodb-database-expose-lead-gen-records/