Tag: email
-
Oracle customers being bombarded with emails claiming widespread data theft
Researchers tell CyberScoop that notorious ransomware group Clop may be behind the email barrage. First seen on cyberscoop.com Jump to article: cyberscoop.com/clop-claims-oracle-customers-data-theft/
-
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clop-extortion-emails-claim-theft-of-oracle-e-business-suite-data/
-
Fake Google Careers Recruiters Target Gmail Users in Phishing Scam
Phishing emails posing as Google recruiters steal Gmail logins, exploiting Salesforce spoofing and Cloudflare to bypass defenses. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/google-careers-phishing-scheme/
-
New bug in classic Outlook can only be fixed via Microsoft support
Microsoft is investigating a known issue that causes the classic Outlook email client to crash upon launch, which can only be resolved via Exchange Online support. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/new-bug-in-classic-outlook-can-only-be-fixed-via-microsoft-support/
-
MCP Developer Executes Sneaky Heel Turn by Copying Emails
Backdoored NPM Module Sent Sensitive Mail Copies to Threat Actor. A patient hacker hooked victims by building a reliable tool integrated into hundreds of developer workflows that connects artificial intelligence agents with an email platform. The unidentified software engineer published 15 flawless versions until he slipped in code copying users’ emails. First seen on govinfosecurity.com…
-
New MatrixPDF toolkit turns PDFs into phishing and malware lures
A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential theft or malware downloads. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-matrixpdf-toolkit-turns-pdfs-into-phishing-and-malware-lures/
-
Hackers Posing as Google Careers Recruiter to Steal Gmail Login Details
An emerging phishing campaign is targeting job seekers by masquerading as Google Careers recruiters, delivering seemingly legitimate emails that lead victims to malicious sites designed to harvest Gmail credentials. Security researchers have uncovered a sophisticated multi-stage attack that leverages Salesforce infrastructure, Cloudflare protection and WebSocket command-and-control to manipulate victims into surrendering sensitive information. The phishing…
-
CISA Issues Alert on Actively Exploited Libraesva ESG Command Injection Vulnerability
Tags: cisa, cve, cyber, cybersecurity, email, exploit, infrastructure, injection, threat, vulnerability
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert highlighting the active exploitation of a serious vulnerability in the Libraesva Email Security Gateway (ESG). Cataloged as CVE-2025-59689, this command injection vulnerability has emerged as a significant threat for organizations relying on Libraesva’s email security defenses. Libraesva’s Email Security Gateway is widely…
-
Fraudulent email domain tracker: September 2025
This is the sixth edition of our monthly tracker highlighting email domains linked to fraudulent activity. Just like in August’s report, our goal is to equip security and anti-fraud teams with greater visibility into the email infrastructure commonly exploited by bots and fraudsters. What this list includes: The First seen on securityboulevard.com Jump to article:…
-
Malicious Code in Fake Postmark MCP Server Steals Thousands of Emails
A newly discovered attack on the npm ecosystem has exposed a deceptive backdoor embedded in a malicious package impersonating Postmark. The package, named postmark-mcp, quietly siphoned off thousands of emails from unsuspecting developers and organizations, all with just one line of code. Over the course of 15 incremental releases, the threat actor behind postmark-mcp built…
-
Sneaky, Malicious MCP Server Exfiltrates Secrets via BCC
The first known malicious MCP server is an AI integration tool that automatically sends email such as those related to password resets, account confirmations, security alerts, invoices, and receipts to threat actors. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/malicious-mcp-server-exfiltrates-secrets-bcc
-
One line of malicious npm code led to massive Postmark email heist
MCP plus open source plus typosquatting … what could possibly go wrong? First seen on theregister.com Jump to article: www.theregister.com/2025/09/29/postmark_mcp_server_code_hijacked/
-
Microsoft Flags AI-Driven Phishing: LLM-Crafted SVG Files Outsmart Email Security
Microsoft is calling attention to a new phishing campaign primarily aimed at U.S.-based organizations that has likely utilized code generated using large language models (LLMs) to obfuscate payloads and evade security defenses. “Appearing to be aided by a large language model (LLM), the activity obfuscated its behavior within an SVG file, leveraging business terminology and a…
-
First Malicious MCP Server Found Stealing Emails in Rogue Postmark-MCP Package
Cybersecurity researchers have discovered what has been described as the first-ever instance of a Model Context Protocol (MCP) server spotted in the wild, raising software supply chain risks. According to Koi Security, a legitimate-looking developer managed to slip in rogue code within an npm package called “postmark-mcp” that copied an official Postmark Labs library of the…
-
SMS Pools and what the US Secret Service Really Found Around New York
Tags: apple, authentication, business, china, conference, control, country, credit-card, crime, crypto, data, email, exploit, finance, fraud, google, group, Hardware, infrastructure, iphone, jobs, korea, law, linux, mfa, mobile, phishing, phone, scam, service, smishing, software, theft, usa, windows
Last week the United Nations General Assembly kicked off in New York City. On the first day, a strange US Secret Service press conference revealed that they had seized 300 SIM Servers with 100,000 SIM cards. Various media outlets jumped on the idea that this was some state-sponsored sleeper cell waiting to destroy telecommunication services…
-
Security Affairs newsletter Round 543 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ohio’s Union County suffers ransomware attack impacting 45,000 people ForcedLeak flaw in Salesforce Agentforce exposes CRM…
-
Researchers Expose Phishing Threats Distributing CountLoader and PureRAT
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. “The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments,” Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with…
-
Hackers Use Fake Invoices to Spread XWorm RAT via Office Files
Hackers are sending fake invoice emails with malicious Office files that install the XWorm RAT on Windows systems, allowing full remote access and data theft. Learn how the shellcode and process injection are used to steal data, and how to stay safe from this persistent threat. First seen on hackread.com Jump to article: hackread.com/hackers-fake-invoices-xworm-rat-office-files/
-
Researchers Expose SVG and PureRAT Phishing Threats Targeting Ukraine and Vietnam
A new campaign has been observed impersonating Ukrainian government agencies in phishing attacks to deliver CountLoader, which is then used to drop Amatera Stealer and PureMiner. “The phishing emails contain malicious Scalable Vector Graphics (SVG) files designed to trick recipients into opening harmful attachments,” Fortinet FortiGuard Labs researcher Yurren Wan said in a report shared with…
-
Microsoft shares temp fix for Outlook encrypted email errors
Microsoft is investigating a known issue that triggers Outlook errors when opening encrypted emails sent from other organizations. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-encrypted-email-errors/
-
Trust in MCP takes first in-wild hit via squatted Postmark connector
Risks persist even after package removal: Koi security researchers did not hear back when they reached out to the developer (attacker) of version 1.0.16 for clarification on the added ‘Bcc:’. Instead, they noticed the package promptly removed, even before they could report it to npm. However, deleting the package won’t remove it from the machines it…
-
Malicious MCP Server Discovered Stealing Sensitive Emails Using AI Agents
Enterprises everywhere are embracing MCP servers, tools that grant AI assistants “god-mode” permissions to send emails, run database queries, and automate tedious tasks. But no one ever stopped to ask: Who built these tools? Today, the first real-world malicious MCP server, postmark-mcp, has emerged, quietly exfiltrating every email it processes. Since its initial release, postmark-mcp…
-
Trust on MCP takes first in-wild hit via squatted Postmark connector
Risks persist even after package removal: Koi security researchers did not hear back when they reached out to the developer (attacker) of version 1.0.16 for clarification on the added ‘BCC’. Instead, they noticed the package promptly removed, even before they could report it to npm. However, deleting the package won’t remove it from the machines it…
-
Malicious MCP Server Found Quietly Stealing Emails
A popular MCP server in the NPM repository that was being downloaded 1,500 times a week suddenly began quietly copying emails and sending them to a C2 server after the developer inserted a line of code. Koi Security researchers said the incident highlights the security threats organizations are letting in through their blind trust of…
-
Unofficial Postmark MCP npm silently stole users’ emails
An npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users’ email communication. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/unofficial-postmark-mcp-npm-silently-stole-users-emails/
-
Malicious AI Agent Server Reportedly Steals Emails
The security researchers who discovered the malicious npm package called it the “first malicious MCP in the wild” First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-ai-agent-server/

