Tag: email
-
Webinar: Why email security teams are drowning in alerts
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-why-email-security-teams-are-drowning-in-alerts/
-
CodeStorm Phishing Campaign Targets M365 Tenants With Token Reuse and Replay Attacks
A multi-organization phishing campaign attributed to the CodeStorm family is actively targeting Microsoft 365 tenants with a tenant-aware AiTM (adversary-in-the-middle) phishing kit that combines rotating frontends and backend replay behavior under a stable controller path, /google.php. The human recipient rarely scrolls to that dummy conversation, but automated secure email gateways frequently do; the added “conversation…
-
22nd June Threat Intelligence Report
Texas Parks and Wildlife Department has been affected by a third-party data breach involving its license system vendor. The incident exposed driver’s license information, passport numbers, emails, phone numbers, and residential addresses for […] First seen on research.checkpoint.com Jump to article: research.checkpoint.com/2026/22nd-june-threat-intelligence-report/
-
Security Affairs newsletter Round 582 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Inside GentleKiller: The EDR-Killer Powering The Gentlemen FortiBleed Exposes Global Credential-Spraying Operation CISA Warns of Active…
-
Hackers Claim to Leak Stolen Madison Square Garden Data
Plus: Gay bars in San Francisco using face scanners, France quits Palantir, Apple plans to change its private email and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-hackers-claim-to-leak-stolen-madison-square-garden-data/
-
24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data
Cybernews researchers found an exposed database with 24 billion credential records, raising fresh risks from password reuse and credential stuffing. The post 24B Records Exposed in Massive Leak of Emails, Passwords, and Login Data appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-24-billion-credential-records-exposed-database/
-
124M Passwords Exposed as Infostealer Malware Hits Millions of Devices
Have I Been Pwned has added 124 million passwords and 56 million email addresses from infostealer logs tied to infected devices. The post 124M Passwords Exposed as Infostealer Malware Hits Millions of Devices appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-have-i-been-pwned-infostealer-passwords-124m/
-
Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-detection-across-nonemail/
-
Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/threat-detection-across-nonemail/
-
Apple’s Hide My Email tweak leaves privacy fans fuming
Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites to block anonymous sign-ups – and harder for you to stay private online? First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/apples-hide-my-email-tweak-leaves-privacy-fans-fuming
-
24 Billion Stolen Credentials Exposed in Massive Data Leak
24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach collections, risking account takeovers. Cybernews researchers found an exposed Elasticsearch cluster on June 12th containing 24 billion records and more than 8.3 terabytes of data. They triple-checked the numbers.…
-
Fake Boots emails target millions in large phishing campaign
First seen on scworld.com Jump to article: www.scworld.com/brief/fake-boots-emails-target-millions-in-large-phishing-campaign
-
Breach Roundup: ShinyHunters Leaks 26M MSG Records
Tags: attack, breach, cisa, cybersecurity, data, data-breach, email, leak, linux, ransomware, russia, supply-chainAlso, Arch Linux Attack, Estonia Quarantines Russian Emails, Joomla Flaw. This week, ShinyHunters leaked alleged Madison Square Garden data, a U.S. senator pressed CISA on regional staffing cuts, an Arch Linux supply-chain attack, Mackay Sugar began recovery from a ransomware attack, Novo Nordisk faced dueling breach claims – and more compelling cybersecurity news. First seen…
-
AI email attacks are moving fast. Barracuda wants MSPs moving faster
First seen on scworld.com Jump to article: www.scworld.com/news/ai-email-attacks-are-moving-fast-barracuda-wants-msps-moving-faster
-
Apple to change Hide My Email domain, potentially impacting anonymous sign-ups
First seen on scworld.com Jump to article: www.scworld.com/brief/apple-to-change-hide-my-email-domain-potentially-impacting-anonymous-sign-ups
-
FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls
FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet. Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.Ordinary stuff, until one move near the end.Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.Ordinary stuff, until one move near the end.Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When…
-
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
A French-speaking attacker broke into a small French automotive business, planted a keylogger, and stole banking and email credentials.Ordinary stuff, until one move near the end.Before his command-and-control server went dark, he installed OpenSSH and Tailscale on a victim’s machine, building a way back in that did not run through the C2 at all. When…
-
Apple is bringing Hide My Email and Sign in with Apple under one domain
Apple will unify the email domains used by Sign in with Apple and iCloud+ Hide My Email under a shared domain, private.icloud.com, later this summer. Hide My Email is a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/17/apple-hide-my-email-domain-change/
-
Apple plans to change its Hide My Email privacy feature that could make it less effective
In the coming weeks, Apple will move anonymously generated emails addresses to a different domain. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/16/apple-plans-to-change-its-hide-my-email-privacy-feature-that-could-make-it-less-effective/
-
Chinese Espionage Actor Abuses Email Rules to Steal Research Data
Tags: china, compliance, credentials, data, email, espionage, google, group, intelligence, malware, threatThreat Actor Silently Forwarded Sensitive Emails Matching Strategic Topics. Google says Chinese espionage group UNC6508 compromised REDCap environments at North American research institutions, deployed custom malware, stole credentials and covertly forwarded strategically relevant emails through abused compliance rules to support long-term intelligence collection. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/chinese-espionage-actor-abuses-email-rules-to-steal-research-data-a-31993
-
Estonia to quarantine emails sent from Russian .ru domain before they reach government officials
Estonia will require additional security screening for emails sent from Russia’s .ru top-level domain before they reach government officials, according to the country’s minister of justice and digital affairs. First seen on therecord.media Jump to article: therecord.media/estonia-quarantine-russian-emails
-
Ghostwriter APT Uses Fake Gmail Login Panels to Steal Passwords and 2FA Codes
Ghostwriter (UNC1151) has escalated its long-standing phishing operations by deploying convincing fake Gmail login panels that harvest both passwords and two-factor authentication (2FA) codes, CERT Polska reports. The group historically focused on Polish email providers such as Onet, Wirtualna Polska and Interia shifted in March 2026 to high-volume Gmail-targeted campaigns. Attackers send professionally worded Polish-language…
-
Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT.”The attack email contained a message impersonating an MS account security alert,” the Genians Security Center (GSC) said. “It was designed to create concern over possible First seen on…
-
China-linked actor spent two years inside medical research networks
Tags: china, credentials, cyberespionage, email, google, group, intelligence, military, network, threatChina’s UNC6508 hid in North American medical research networks for 2 years, stealing credentials and forwarding emails to Gmail Google’s Threat Intelligence Group published a report this week on UNC6508, a China-linked cyberespionage group that breached North American medical and military research organizations and stayed hidden for more than two years. The earliest confirmed intrusion…
-
Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails
A China-linked espionage group hid inside North American medical, academic, and military research networks for more than a year, quietly stealing sensitive research and defense email.The way in was a backdoor on their REDCap research servers that stole login credentials. The exfiltration was the unusual part: the attackers rewired the victims’ own Google Workspace rules…
-
One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search.Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL…
-
Cyberattack on Russian tech firm Astral disrupts business, government services for week
According to customer complaints, the disruption affected a range of services used by businesses, leading to interruptions in cash register operations, difficulties selling certain regulated goods, loss of access to customer portals and corporate email and problems with electronic human resources document management systems and authentication using digital certificates. First seen on therecord.media Jump to…
-
Webinar: How behavioral AI stops phishing and account takeovers
Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/webinar-how-behavioral-ai-stops-phishing-and-account-takeovers/

