Tag: email
-
Iranian Hackers Exploit 100+ Embassy Email Accounts in Global Phishing Targeting Diplomats
An Iran-nexus group has been linked to a “coordinated” and “multi-wave” spear-phishing campaign targeting the embassies and consulates in Europe and other regions across the world.The activity has been attributed by Israeli cybersecurity company Dream to Iranian-aligned operators connected to broader offensive cyber activity undertaken by a group known as Homeland Justice.”Emails were sent to…
-
Pennsylvania Attorney General’s Office Recovers from Ransomware Attack
The Pennsylvania Attorney General’s Office is actively recovering from a ransomware attack that disrupted its operations nearly two weeks ago. The cyberattack, which first came to light on August 18, targeted the agency’s email systems, phone lines, and even brought down its website. State Attorney General Dave Sunday confirmed the breach and stated that progress…
-
TDL 002 – Defending the DNS: How Quad9 Protects the Internet with John Todd
Tags: access, apple, attack, business, china, ciso, communications, control, country, crime, cyber, cybersecurity, data, defense, dns, email, encryption, firewall, google, ibm, india, infrastructure, intelligence, Internet, jobs, law, malicious, malware, network, phishing, privacy, service, strategy, technology, threat, tool, zero-trustSummary The Defender’s Log episode features John Todd from Quad9, discussing their mission to protect the internet through secure DNS. Quad9, a non-profit launched in 2017 with founding partners Global Cyber Alliance, Packet Clearing House, and IBM, provides a free, global recursive DNS resolver that blocks malicious domains. Todd emphasizes that Quad9’s success is a…
-
Navy Federal Credit Union Backup Exposed Online
Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWS. Navy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data. First seen on…
-
Malicious npm Package Masquerades as Popular Email Library
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/malicious-npm-package-email-library/
-
Varonis Acquires ‘AI-Native’ Email Security Vendor SlashNext
Varonis announced Tuesday it’s looking to enter the email security segment with the acquisition of SlashNext, a specialist in utilizing AI for detecting advanced email-based attacks. First seen on crn.com Jump to article: www.crn.com/news/security/2025/varonis-acquires-ai-native-email-security-vendor-slashnext
-
Varonis buys AI email security firm SlashNext
An independent testing firm found that SlashNext’s product has a 100% detection rate for business email compromise and QR code attacks. First seen on cyberscoop.com Jump to article: cyberscoop.com/varonis-slashnext-acquisition-ai-email-security/
-
Jaguar Land Rover ‘severely disrupted’ by cybersecurity incident
Staff at the company’s plant in Halewood, near Liverpool, were sent an email early on Monday morning and told not to report for work, according to the Liverpool Echo. The shutdown is expected to continue into Wednesday, the newspaper reported. First seen on therecord.media Jump to article: therecord.media/jaguar-land-rover-disruption-cyber-incident
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
OneDrive Phishing Attack Targets Corporate Executives for Credential Theft
A newly discovered spearphishing campaign is targeting executives and senior leadership across multiple industries by exploiting trusted OneDrive document”sharing notifications. The Stripe OLT SOC has identified this sophisticated attack, which leverages highly tailored emails to impersonate internal HR communications and harvest corporate credentials through a convincing Microsoft Office/OneDrive login page. At the heart of the…
-
Shadow AI Discovery: A Critical Part of Enterprise AI Governance
The Harsh Truths of AI AdoptionMITs State of AI in Business report revealed that while 40% of organizations have purchased enterprise LLM subscriptions, over 90% of employees are actively using AI tools in their daily work. Similarly, research from Harmonic Security found that 45.4% of sensitive AI interactions are coming from personal email accounts, where…
-
How to Secure Your Email Via Encryption and Password Management
From emailing vendors to communicating with team members, serious business happens in the inbox. That’s why it’s critical to secure it. These TechRepublic Premium resources can help. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/securing-your-email-inbox/
-
How to Secure Your Email Via Encryption and Password Management
From emailing vendors to communicating with team members, serious business happens in the inbox. That’s why it’s critical to secure it. These TechRepublic Premium resources can help. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/securing-your-email-inbox/
-
Agentic AI: A CISO’s security nightmare in the making?
Tags: access, ai, antivirus, api, attack, automation, ciso, compliance, cybersecurity, data, defense, detection, email, endpoint, exploit, framework, governance, law, leak, malicious, malware, open-source, privacy, risk, service, strategy, supply-chain, tool, vulnerabilityFree agents: Autonomy breeds increased risks: Agentic AI introduces the ability to make independent decisions and act without human oversight. This capability presents its own cybersecurity risk by potentially leaving organizations vulnerable.”Agentic AI systems are goal-driven and capable of making decisions without direct human approval,” Joyce says. “When objectives are poorly scoped or ambiguous, agents…
-
Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems.The package, named nodejs-smtp, impersonates the legitimate email library nodemailer with an identical tagline, page styling, and README descriptions, attracting a total of 347 First seen…
-
Austria’s Interior Ministry Says 100 Email Accounts Breached
No Law Enforcement Information or Austrian Personal Data Compromised, Officials Say. The Austrian government said a targeted and professional hack attack breached about 100 government email accounts in its interior ministry, which is chiefly responsible for public safety. Attackers also stole data, although officials said no law enforcement or personal data was exposed. First seen…
-
Hackers Threaten Google Following Data Exposure
A recent breach involving a third-party Salesforce system used by Google has sparked an unusual escalation. Although no Gmail inboxes, passwords, or internal Google systems were accessed, attackers gained entry to a sales database that included names, phone numbers, email addresses, and internal notes related to small business clients. This type of data is often……
-
Hackers Threaten Google Following Data Exposure
A recent breach involving a third-party Salesforce system used by Google has sparked an unusual escalation. Although no Gmail inboxes, passwords, or internal Google systems were accessed, attackers gained entry to a sales database that included names, phone numbers, email addresses, and internal notes related to small business clients. This type of data is often……
-
Hackers Exploit Email Marketing Platforms to Deliver Hidden Malware
Tags: cyber, defense, email, exploit, hacker, incident response, infrastructure, intelligence, malicious, malware, phishing, threatIn recent months, Trustwave SpiderLabs”, a LevelBlue company renowned for its threat intelligence and incident response services”, has observed a marked uptick in phishing campaigns that leverage legitimate email marketing platforms to cloak malicious links. By hijacking established infrastructure and URL redirectors, attackers are evading traditional defenses and duping recipients into divulging sensitive information. To…
-
Malicious npm Package Impersonates Popular Nodemailer, Puts 3.9M Weekly Downloads at Risk of Crypto Theft
A sophisticated cryptocurrency theft scheme involving a malicious npm package that masquerades as the widely-used Nodemailer email library while secretly hijacking desktop cryptocurrency wallets on Windows systems. Socket’s Threat Research Team identified the malicious package, nodejs-smtp, which impersonates the legitimate Nodemailer library that averages approximately 3.9 million weekly downloads. The fraudulent package employs a clever…
-
Fraudster stole over $1.5 million from city of Baltimore
Scammer stole $1.5M from Baltimore by posing as a vendor and tricking staff into changing bank account details. A scammer stole over $1.5M from Baltimore city by spoofing a vendor and convincing staff to alter bank details, which appears to be a classic Business Email Compromise (BEC) attack. Between February and March 2025, the city’s…
-
Security Affairs newsletter Round 539 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships New zero-click exploit allegedly used…
-
SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes
Less than 30 minutes after the Social Security Administration’s chief data officer resigned following a whistleblower complaint, recipients could no longer access the resignation email. First seen on wired.com Jump to article: www.wired.com/story/charles-borges-resignation-email-disappearance/
-
Google warns Salesloft breach impacted some Workspace accounts
Google reports that the Salesloft Drift breach is larger than initially thought, warning that attackers also used stolen OAuth tokens to access Google Workspace email accounts in addition to Salesforce data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-warns-salesloft-breach-impacted-some-workspace-accounts/
-
Law firm email blunder exposes Church of England abuse victim details
Apology issued after names tied to redress scheme revealed in mass mailing First seen on theregister.com Jump to article: www.theregister.com/2025/08/28/lawyer_coe_email_blunder/