Tag: email

13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
13 ways attackers use generative AI to exploit your systems

Feb 23, 2026 9:01 AM

Tags: access, ai, attack, authentication, awareness, breach, captcha, ceo, chatgpt, ciso, cloud, credentials, crypto, cyber, cyberattack, cybercrime, cybersecurity, dark-web, data, deep-fake, defense, detection, email, espionage, exploit, extortion, finance, flaw, framework, fraud, google, government, group, hacker, identity, infrastructure, intelligence, law, LLM, login, malicious, malware, marketplace, network, open-source, password, phishing, privacy, ransomware, resilience, risk, saas, scam, service, social-engineering, startup, supply-chain, tactics, technology, theft, threat, tool, vulnerability, zero-day

Facilitating malware development: AI can also be used to generate more sophisticated, or less labour-intensive, malware.For example, cybercriminals are using gen AI to create malicious HTML documents. The XWorm attack, initiated by HTML smuggling, which contains malicious code that downloads and runs the malware, bears the hallmarks of development via AI.”The loader’s detailed line-by-line description…
Security Affairs newsletter Round 564 by Pierluigi Paganini INTERNATIONAL EDITION

Feb 22, 2026 4:01 PM

Tags: cisa, data, email, exploit, finance, flaw, international, kev, vulnerability, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog PayPal discloses extended data…
PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months

Feb 21, 2026 6:02 AM

Tags: data, data-breach, email, finance, flaw, software

PayPal disclosed a software error in its Working Capital platform that exposed sensitive customer data, including Social Security numbers, for months in 2025. The post PayPal Flaw Exposed Email Addresses, Social Security Numbers for 6 Months appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-paypal-working-capital-data-exposure-2025/
Why Legacy Software Modernization is Critical for Data Security

Feb 21, 2026 5:01 AM

Tags: data, email, software, tool

An in-depth Suped review covering features, pricing, pros and cons, and real-world use cases. Discover whether Suped is the right email deliverability tool for your business. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/why-legacy-software-modernization-is-critical-for-data-security/
PayPal discloses extended data leak linked to Loan App glitch

Feb 21, 2026 12:02 AM

Tags: breach, business, data, data-breach, email, finance, flaw, leak, phone, software

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers’ business contact details (name, email, phone number, address), along…
Using threat modeling and prompt injection to audit Comet

Feb 20, 2026 7:01 PM

Tags: access, ai, attack, captcha, control, data, defense, detection, email, endpoint, exploit, framework, injection, Internet, law, least-privilege, LLM, malicious, ml, monitoring, privacy, RedTeam, risk, social-engineering, threat, tool, training, update, vulnerability

Before launching their Comet browser, Perplexity hired us to test the security of their AI-powered browsing features. Using adversarial testing guided by our TRAIL threat model, we demonstrated how four prompt injection techniques could extract users’ private information from Gmail by exploiting the browser’s AI assistant. The vulnerabilities we found reflect how AI agents behave…
Copilot spills the beans, summarizing emails it’s not supposed to read

Feb 20, 2026 6:01 PM

Tags: data, email

Data Loss Prevention? Yeah, about that… First seen on theregister.com Jump to article: www.theregister.com/2026/02/18/microsoft_copilot_data_loss_prevention/
Microsoft 365 Copilot Bug Circumvented DLP Controls

Feb 20, 2026 6:01 PM

Tags: ai, control, email, governance, microsoft

Microsoft confirmed a Copilot Chat bug that summarized confidential emails despite active DLP controls, raising AI governance concerns in Microsoft 365. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/microsoft-365-copilot-bug-circumvented-dlp-controls/
DMARC Providers in 2026: Top DMARC Services and Enterprise Solutions

Feb 20, 2026 5:02 PM

Tags: dmarc, email, service

Originally published at DMARC Providers in 2026: Top DMARC Services and Enterprise Solutions by EasyDMARC. Email security requirements are getting stricter every year. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/dmarc-providers-in-2026-top-dmarc-services-and-enterprise-solutions/
DMARC Providers in 2026: Top DMARC Services and Enterprise Solutions

Feb 20, 2026 5:02 PM

Tags: dmarc, email, service

Originally published at DMARC Providers in 2026: Top DMARC Services and Enterprise Solutions by EasyDMARC. Email security requirements are getting stricter every year. … First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/dmarc-providers-in-2026-top-dmarc-services-and-enterprise-solutions/
Ready to Move On: How to Evaluate, Select, and Deploy Modern Email Security

Feb 20, 2026 3:01 PM

Tags: email, guide

<div cla Part 4 of a 4-Part Series: The SEG Breakup Guide for MSPs First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/ready-to-move-on-how-to-evaluate-select-and-deploy-modern-email-security/
Hackers breach contractor linked to Ukraine’s central bank collectible coin store

Feb 20, 2026 2:01 PM

Tags: access, breach, data, email, finance, hacker, phone, ukraine

The National Bank of Ukraine announced that attackers may have gained access to users’ personal data, including names, phone numbers, email addresses and delivery addresses, in a recent cyberattack. First seen on therecord.media Jump to article: therecord.media/hackers-breach-ukraine-national-bank-contractor
PayPal launches latest struggle to get rid of SMS for MFA

Feb 20, 2026 9:01 AM

Tags: authentication, ceo, ciso, communications, compliance, cybersecurity, email, finance, fraud, government, group, login, mfa, mobile, nfc, passkey, password, phishing, risk, service, strategy, switch, update

Muddled effort, mixed messages Flavio Villanustre, CISO for the LexisNexis Risk Solutions Group, says he’s “always found it odd” that PayPal still supports SMS as its primary secondary authentication factor.”Everyone in financial services and government has abandoned it for not being sufficiently secure and are moving to even phishing-resistant authentication, such as passkeys, Yubikeys,” he…
New phishing campaign tricks employees into bypassing Microsoft 365 MFA

Feb 20, 2026 5:01 AM

Tags: access, attack, awareness, business, credentials, defense, email, google, identity, incident response, least-privilege, login, malicious, mfa, microsoft, monitoring, office, phishing, risk, saas, social-engineering, training

microsoft.com. But the attacker has pre-registered their device to get the code for [the victim] to verify.”David Shipley, head of Canadian security awareness training provider Beauceron Security, said OAuth device code attacks have been gaining steam since 2024. “It’s the natural evolutionary response to improvements in account security, particularly MFA”, he said. The easiest defense is…
Your Most Dangerous User Is Not Human: How AI Agents and MCP Servers Broke the Internal API Walled Garden

Feb 20, 2026 1:01 AM

Tags: access, ai, api, attack, business, ciso, data, defense, email, exploit, governance, guide, hacker, malicious, microsoft, network, office, risk, threat, tool, vulnerability, waf

Highlights The Perimeter is Porous: Modern Agentic AI and the Model Context Protocol (MCP) have effectively turned internal data centers inside out, making the “internal API” security model obsolete. The “Confused Deputy” Risk: Legitimate AI agents act as trusted internal entities but can be exploited to bypass Data Loss Prevention (DLP) policies, as seen in…
Figure Data Breach Exposes Nearly 1 Million Customers Online

Feb 19, 2026 7:01 PM

Tags: breach, data, data-breach, email, fintech, social-engineering

Fintech lender Figure suffered a social-engineering breach that led to a data dump online. Have I Been Pwned found 967,200 exposed email records. The post Figure Data Breach Exposes Nearly 1 Million Customers Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-figure-data-breach-967200-email-records/
DEF CON bans three Epstein-linked men from future events

Feb 19, 2026 3:01 PM

Tags: email

Emails show all discussed networking and biz interests with the sex offender throughout the 2010s First seen on theregister.com Jump to article: www.theregister.com/2026/02/19/def_con_epstein_bans/
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

Feb 19, 2026 2:01 PM

Tags: access, authentication, cctv, cisa, cve, cybersecurity, email, flaw, infrastructure, unauthorized

CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging…
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

Feb 19, 2026 2:01 PM

Tags: access, authentication, cctv, cisa, cve, cybersecurity, email, flaw, infrastructure, unauthorized

CISA warns Honeywell CCTVs are affected by a critical auth bypass flaw (CVE-2026-1670) allowing unauthorized access or account hijacking. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns that Honeywell CCTVs are affected by a critical authentication bypass flaw, tracked as CVE-2026-1670 (CVSS score of 9.8), that lets attackers change the recovery email without logging…
SPF Alignment: Why is it Important for Improving DMARC

Feb 19, 2026 1:01 PM

Tags: dmarc, email

Originally published at SPF Alignment: Why is it Important for Improving DMARC by EasyDMARC. Every day, inboxes receive millions of emails that … First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/spf-alignment-why-is-it-important-for-improving-dmarc/
Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via DNS

Feb 19, 2026 10:01 AM

Tags: cyber, dns, email, hacker, malicious, malware, phishing, social-engineering, tool

Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The >>ClickFix<>fix<< a fake browser error, has undergone significant evolution. Security researcher Muhammad Hassoub has observed attackers moving away from high-noise tools that trigger immediate […] The post Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via…
Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via DNS

Feb 19, 2026 10:01 AM

Tags: cyber, dns, email, hacker, malicious, malware, phishing, social-engineering, tool

Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The >>ClickFix<>fix<< a fake browser error, has undergone significant evolution. Security researcher Muhammad Hassoub has observed attackers moving away from high-noise tools that trigger immediate […] The post Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via…
Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via DNS

Feb 19, 2026 10:01 AM

Tags: cyber, dns, email, hacker, malicious, malware, phishing, social-engineering, tool

Social engineering campaigns are becoming increasingly sophisticated, moving beyond simple phishing emails to more complex technical deceptions. The >>ClickFix<>fix<< a fake browser error, has undergone significant evolution. Security researcher Muhammad Hassoub has observed attackers moving away from high-noise tools that trigger immediate […] The post Hackers Abuse nslookup.exe in ClickFix Campaign to Deliver Malware via…
Microsoft 365 Copilot Vulnerability Exposes Sensitive Emails Through AI Summaries

Feb 19, 2026 7:01 AM

Tags: ai, cyber, data, email, flaw, microsoft, unauthorized, vulnerability

A security flaw in Microsoft 365 Copilot is currently causing the AI assistant to incorrectly summarize email messages protected by confidentiality sensitivity labels, essentially bypassing configured Data Loss Prevention (DLP) policies. This vulnerability exposes potentially sensitive organizational data to unauthorized AI processing. The issue, tracked under Microsoft reference CW1226324, was first flagged on February 4,…
OWASP Agentic Top 10: Agent Goal Hijack FireTail Blog

Feb 19, 2026 1:01 AM

Tags: ai, attack, control, data, email, finance, LLM, malicious, microsoft, risk, strategy, tool, unauthorized, zero-trust

Feb 18, 2026 – Lina Romero – What is Agent Goal Hijack?Agent Goal Hijack occurs when an attacker manipulates an agent’s objectives or decision pathways. Unlike traditional LLM attacks that focus on altering a single response, ASI01 targets the planning logic of the agent.Agents rely on natural-language instructions, so they often can’t reliably distinguish between…
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Feb 18, 2026 10:01 PM

Tags: ai, corporate, data, data-breach, email, flaw, microsoft, privacy

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
Microsoft Patches Security Flaw That Exposed Confidential Emails to AI

Feb 18, 2026 10:01 PM

Tags: ai, corporate, data, data-breach, email, flaw, microsoft, privacy

Microsoft Corp. confirmed it is addressing a significant security lapse that allowed its Copilot AI to bypass privacy protections and summarize users’ confidential emails without authorization. The bug, which has persisted since late January, effectively ignored data loss prevention (DLP) protocols designed to keep sensitive corporate information out of the reach of large language models..…
Data breach at fintech giant Figure affects close to a million customers

Feb 18, 2026 7:58 PM

Tags: breach, data, data-breach, email, fintech, hacker, phone

The Figure data breach allowed hackers to steal customer names, dates of birth, physical addresses, phone numbers, and email addresses. First seen on techcrunch.com Jump to article: techcrunch.com/2026/02/18/data-breach-at-fintech-giant-figure-affects-close-to-a-million-customers/
Substack Breach May Have Leaked Nearly 700,000 User Details Online

Feb 18, 2026 7:58 PM

Tags: breach, data-breach, email, hacker, phone

Substack says hackers accessed user emails, phone numbers, and internal metadata in October 2025, with a database of 697,313 records later posted online. The post Substack Breach May Have Leaked Nearly 700,000 User Details Online appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-substack-data-breach-user-accounts-leaked/