Tag: email
-
ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface
Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
-
ShinyHunters claim they have cruise giant Carnival’s booty as 7.5M emails surface
Leak-site bragging meets breach hunters as Have I Been Pwned flags millions of records First seen on theregister.com Jump to article: www.theregister.com/2026/04/24/shinyhunters_claim_cruise_giant_carnivals/
-
DANE Authentication for Enterprise Email Security
Learn how DANE authentication helps secure email in transit, why DNSSEC is essential, and where deployment can become operationally complex. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/dane-authentication-for-enterprise-email-security/
-
The Guardian view on Anthropic’s Claude Mythos: when AI finds every flaw, who controls the internet? | Editorial
Tech can scale cyber-attacks and defences alike, raising questions about private power, public risk and the future of a shared internetAnthropic announced its latest AI model, <a href=”https://www.theguardian.com/technology/2026/apr/08/anthropic-ai-cybersecurity-software”>Claude Mythos, this month but said it would not be released publicly, because it turns computers into crime scenes. The company claimed that it could find previously unknown…
-
Google brings instant email verification to Android, no OTP needed
Google has introduced cryptographically verified email credentials for Android through the Credential Manager API. This API aligns with the W3C Digital Credential API … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/23/android-verified-email-credentials-feature/
-
Some Interrail travellers told to cancel passports as hacked data posted online
Eurail, which sells passes, says data being ‘offered for sale on dark web’ after December breach affecting 300,000 peopleHolidaymakers across Europe are facing the stress and expense of getting new passports after their personal data was posted on the dark web following a hack of the Interrail company Eurail.Personal data, including passport numbers, names, phone…
-
New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert
An Apple account notification has been exploited in a new email phishing attack that comes with a fake iPhone purchase claim. The post New Apple Phishing Scam Uses Fake $899 iPhone Purchase Alert appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-phishing-scam-fake-899-iphone-purchase-alert/
-
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…
-
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…
-
Attacking the MCP Trust Boundary
Every secure API draws a line between code and data. HTTP separates headers from bodies. SQL has prepared statements. Even email distinguishes the envelope from the message. The Model Context Protocol (MCP), the fast-growing standard for connecting AI agents to external services, inherits that gap from the models it sits on top of. Its central…
-
Toxic Combinations: When Cross-App Permissions Stack into Risk
On January 31, 2026, researchers disclosed that Moltbook, a social network built for AI agents, had left its database wide open, exposing 35,000 email addresses and 1.5 million agent API tokens across 770,000 active agents.The more worrying part sat inside the private messages. Some of those conversations held plaintext third-party credentials, including OpenAI API keys…
-
Sendmarc Review: Features, User Experiences, Pros Cons (2026)
Tags: emailIs Sendmarc worth it in 2026? Discover its features, limitations, user reviews, and how it compares to PowerDMARC for email security. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/sendmarc-review-features-user-experiences-pros-cons-2026/
-
Two MDO field reports every IT security lead should read
<div cla Tyler Swinehart, Director of Global IT & Security at IRONSCALES, has been publishing the kind of LinkedIn pieces I wish more practitioners would write. No vendor angle. No positioning. Just “here’s what I learned the hard way operating this thing in production, and here’s what nobody told me until it was too late.”…
-
Thunderbird 150 arrives with encrypted message search and OpenPGP improvements
Tags: emailReleased today, Thunderbird 150.0 brings eight new features, a round of bug fixes, and security patches that cover the web engine underlying the email client. Thunderbird … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/thunderbird-150-released/
-
Thunderbird 150 arrives with encrypted message search and OpenPGP improvements
Tags: emailReleased today, Thunderbird 150.0 brings eight new features, a round of bug fixes, and security patches that cover the web engine underlying the email client. Thunderbird … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/21/thunderbird-150-released/
-
Real Apple notifications are being used to drive tech support scams
Scammers have found a way to abuse legitimate Apple notification emails to trick people into calling fake tech support numbers. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/real-apple-notifications-are-being-used-to-drive-tech-support-scams/
-
Why identity is the driving force behind digital transformation
Who they are and what they are up to.The project they are working on.Which environment should they use?Using this information, the system can determine which resource someone needs, when they need it and how to use it. The principle behind it is ‘never trust, always verify’. With it, errors that normally occur are reduced, less…
-
Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul
Fake emails already doing the rounds as ransomware crew boasts about what it allegedly stole First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/adaptavist_group_breach_spawns_impostor/
-
GitHub Issue Alerts Exploited in OAuth Phishing Scam Targeting Developers
Hackers are abusing GitHub’s own issue-notification emails to phish developers and silently take over their repositories using malicious OAuth applications, effectively turning trusted DevOps tooling into a supply-chain attack vector. Developers are now prime targets because compromising their accounts gives attackers direct access to source code CI/CD pipelines, and production workflows, making this a textbook supply-chain attack…
-
AI job scams are booming and I was fooled by one. Here is how to avoid them
Fraudsters are using the promise of fake roles to trick job-seekers out of money, personal information or both, and with the help of AI they are more convincing than ever. But there are ways to spot themThere were clues from the start that it was too good to be true. A headhunter emailed me with…
-
Hackers exploit Vercel’s trust in AI integration
Allegedly breached by ShinyHunters: According to screenshots circulating on the internet, a threat actor has already claimed the breach on the dark web and is attempting to sell the spoils. “Greetings All, Today I am selling Access Key/ Source Code/ Database from Vercel company,” the actor said in one of such posts. “Give me a…
-
AI platform ATHR makes voice phishing a one-person job
For $4,000 and a cut of the take, a lone criminal can now run a fully automated voice-phishing operation via ATHR, a plaform that spoofs emails alerts from Google, Microsoft, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/20/athr-voice-phishing-ai-platform/
-
What is DANE? DNS-Based Authentication of Named Entities Explained (2026)
DANE (DNS-Based Authentication of Named Entities) uses DNSSEC and TLSA records to secure TLS certificates and prevent man-in-the-middle attacks on email and the web. Here’s how it works. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/what-is-dane-dns-based-authentication-of-named-entities-explained-2026/
-
Public Notion Pages Expose Editors’ Profile Photos and Email Addresses
A significant data exposure issue has been brought to light regarding Notion, a highly popular productivity and note-taking application. This exposure happens without requiring any authentication, cookies, or access tokens, leaving thousands of indexable company wikis and personal pages vulnerable to data scraping. For organizations that rely on Notion for public-facing documentation, this poses a…
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Security Affairs newsletter Round 573 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware Nexcorium Mirai variant…