Tag: email
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
The cyber perimeter was never dead. We just abandoned it.
Tags: access, advisory, authentication, awareness, backup, cisa, ciso, cloud, control, cyber, cybersecurity, data-breach, email, exploit, firewall, flaw, governance, government, Hardware, identity, infrastructure, Internet, resilience, risk, router, rust, service, software, strategy, technology, update, zero-trustIndustry has comforted itself with the idea that the perimeter is dead. It is not. What happened is far worse. We ignored the edge, let unsupported hardware decay in place, and effectively donated our perimeter to adversaries who were more than willing to accept it.The FBI’s Winter SHIELD effort is the operational side of the…
-
Microsoft Copilot Email and Teams Summarization Flaw Opens Door to Phishing Attacks
Artificial intelligence assistants have transformed daily business operations, helping teams manage overflowing inboxes and summarize complex communications. Microsoft Copilot integrates directly into these workflows, pulling context from various Microsoft 365 applications to streamline tasks. However, this convenience introduces a new security boundary: what happens when Copilot follows hidden instructions written by an attacker inside an…
-
Attackers Don’t Just Send Phishing Emails. They Weaponize Your SOC’s Workload
The most dangerous phishing campaigns aren’t just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach.For years, the cybersecurity industry has focused on the front door of phishing defense:…
-
Phishers hide scam links with IPv6 trick in “free toothbrush” emails
United Healthcare impersonators are using an IPv6 trick to hide the real destination of phishing links in emails promising free Oral-B toothbrushes. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/phishers-hide-scam-links-with-ipv6-trick-in-free-toothbrush-emails/
-
Sextortion >>I recorded you<< emails reuse passwords found in disposable inboxes
“You pervert, I recorded you!” sextortion emails include real passwords harvested from public temporary email inboxes. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/sextortion-i-recorded-you-emails-reuse-passwords-found-in-disposable-inboxes/
-
Iran-linked hackers claim cyberattack on Albania’s parliament email systems
In a statement shared with local media, parliament said its main systems and official website remained operational but confirmed that internal email services used by the parliamentary administration had been temporarily suspended. First seen on therecord.media Jump to article: therecord.media/iran-linked-hackers-claim-cyberattack-albania-parliament
-
March Patch Tuesday: Three high severity holes in Microsoft Office
aadsshlogin package. Systems with the extension already installed have packages.microsoft.com configured automatically, so no additional setup is required.”The cloud ecosystem doesn’t really handle patching well,” Reguly said. “It’s a relatively immature process, and the way that Microsoft handles these products really demonstrates that. The CVE impacting Azure Linux Virtual Machines (CVE-2026-23665) or the multiple CVEs…
-
Cal AI, New Owner of MyFitnessPal, Hit by Alleged Breach of 3 Million Users
Cal AI faces data breach claims after hackers post alleged data of 3 million users, including emails, health details, and subscriptions. First seen on hackread.com Jump to article: hackread.com/cal-ai-myfitnesspal-data-breach-3m-users/
-
Phishing Scammers Impersonating City, County Officials, Demanding Payment: FBI
Scammers are impersonating local municipal officials around the country with seemingly legitimate phishing messages demanding payment for permits. The bad actors grab publicly available information and use them in their emails to fool their targets. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/phishing-scammers-impersonating-city-county-officials-demanding-payment-fbi/
-
Inside a bot operator’s email verification infrastructure
During an investigation into a large-scale automated account creation attack targeting one of our customers, we observed a burst of suspicious registration activity. In less than a week, the attackers attempted more than 80,000 registrations. While investigating the registrations, we identified several unusual email domains being used during the First seen on securityboulevard.com Jump to…
-
Cybercriminals impersonating city officials to steal permit payments, FBI says
In a notice on Monday, the agency said people and businesses with active applications for the permits are being targeted with phishing emails that often include detailed, accurate information “including property addresses, case numbers, and the true names of city and county officials.” First seen on therecord.media Jump to article: therecord.media/cybercriminals-impersonate-city-officials-permit-payments
-
Top 10 Best Anti-Phishing Tools in 2026
The cybersecurity landscape has shifted dramatically, and traditional spam filters are no longer enough to protect sensitive enterprise data. As we navigate through 2026, threat actors are leveraging sophisticated AI-powered exploits to bypass standard security protocols, craft hyper-realistic deepfake audio messages, and execute highly targeted Business Email Compromise (BEC) campaigns. Phishing has evolved from obvious,…
-
Attackers use AiTM phishing kit, typosquatted domains to hijack AWS accounts
Phishers are targeting AWS accounts holders with fake email security alerts and redirecting them to a high-fidelity clone of the AWS Management Console sign-in page, Datadog … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/10/aitm-phishing-aws-accounts/
-
Devs looking for OpenClaw get served a GhostClaw RAT
From password theft to persistence: The second stage malware, internally referred to as “GhostLoader,” is a large JavaScript bundle implementing both an infostealer and a remote access framework. Once launched, GhostLoader installs itself into a hidden directory disguised as an npm telemetry service and sets up persistence mechanisms which include shell configuration hooks that automatically…
-
How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows
Artificial Intelligence (AI) is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own.But there is a problem. While these agents make work faster, they also open a new “back…
-
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform
Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By…
-
Hackers Use Microsoft Teams to Manipulate Employees Into Allowing Remote Access
A newly discovered malware operation is targeting employees at finance and healthcare organizations by posing as internal IT support. Once inside, the attackers deploy a stealthy new tool called the A0Backdoor. Cybersecurity researchers at BlueVoyant have identified a threat group, known as Blitz Brigantine or Storm-1811, using email bombing and Microsoft Teams messages to trick…
-
The Portland Timbers expand from data protection to cybersecurity with Acronis
The Portland Timbers’ continued partnership with Acronis reflects a shared vision for modern cyber resilience, one built on consolidation, threat intelligence and integrated protection. This expansion goes beyond backup and recovery to incorporate cybersecurity capabilities, including Acronis EDR, Acronis RMM and Acronis Email Security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/the-portland-timbers-expand-from-data-protection-to-cybersecurity-with-acronis/
-
MaaS VIP Keylogger Campaign Uses Steganography to Steal Credentials at Scale
A large-scale spear-phishing campaign distributing aVIP Keyloggervariant sold as Malware-as-a-Service (MaaS). The campaign employs steganography, in-memory execution, and modular payload design to evade defenses while harvesting credentials across browsers, email clients, and collaboration tools. Researchers observed fraudulent purchase-order emails that encouraged victims to open an attached RAR file. The compressed archive contained an executable disguised…
-
Hackers abuse .arpa DNS and ipv6 to evade phishing defenses
Threat actors are abusing the special-use “.arpa” domain and IPv6 reverse DNS in phishing campaigns that more easily evade domain reputation checks and email security gateways. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-abuse-arpa-dns-and-ipv6-to-evade-phishing-defenses/