Tag: email
-
Security Affairs newsletter Round 533 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release Authorities released free decryptor for Phobos and…
-
Threat actors scanning for apps incorporating vulnerable Spring Boot tool
Tags: access, attack, authentication, ciso, compliance, country, credentials, cybersecurity, data, data-breach, email, encryption, endpoint, exploit, finance, flaw, governance, group, hacker, incident response, infrastructure, Internet, kev, nist, organized, password, risk, technology, threat, tool, vulnerability, zero-day/health endpoints, commonly used to detect internet-exposed Spring Boot deployments. If vulnerable implementations of apps, including TeleMessage SGNL, are found, they could be exploited to steal sensitive data in heap memory, including plaintext usernames and passwords. The hole is serious enough that it was added this week to the US Cybersecurity and Infrastructure Security Agency’s Known Exploited…
-
Snake Keylogger Bypasses Windows Defender and Uses Scheduled Tasks to Steal Credentials
Threat actors have been using a sophisticated phishing operation to impersonate Turkish Aerospace Industries (TUSAÅž) in order to attack Turkish businesses, especially those in the defense and aerospace sectors. The campaign distributes malicious emails masquerading as contractual documents, such as the file >>TEKLÄ°F Ä°STEĞİ TUSAÅž TÜRK HAVACILIK UZAY SANAYÄ°Ä°_xlsx.exe
-
New QR Code Attacks Through PDFs Bypass Detection and Steal Credentials
Tags: attack, communications, credentials, cyber, detection, email, exploit, intelligence, phishing, qrResearchers at Cyble Research and Intelligence Labs (CRIL) have uncovered an ongoing quishing campaign dubbed >>Scanception,
-
Russia Linked to New Malware Targeting Email Accounts for Espionage
Russian military intelligence-linked hackers are using a new malware called “Authentic Antics” to secretly access Microsoft cloud email accounts, the UK’s NCSC reports First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/new-malware-targeting-email/
-
Microsoft Defender for Office 365 Gets Enhanced Threat Dashboard
Microsoft has announced significant transparency improvements for its email security platform, introducing a new customer-facing dashboard that provides detailed visibility into threat protection effectiveness across organizations. The enhanced dashboard for Microsoft Defender for Office 365 represents a major step toward data-driven cybersecurity decision-making, offering security teams unprecedented insight into how their email protection systems perform…
-
Malware-as-a-Service Campaign Exploits GitHub to Deliver Payloads
A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/maas-campaign-github-payloads/
-
China-linked hackers target Taiwan chip firms in a coordinated espionage campaign
Tags: access, ai, attack, china, compliance, control, credentials, cyber, cybersecurity, detection, email, espionage, exploit, finance, framework, government, group, hacker, intelligence, international, login, monitoring, network, phishing, software, supply-chain, technology, threat, warfareInvestment banks in the crosshairs: A second group, UNK_DropPitch, targeted the financial ecosystem surrounding Taiwan’s semiconductor industry. This group conducted phishing campaigns against investment banks, focusing on individuals specializing in Taiwanese semiconductor analysis. The phishing emails purported to come from fictitious financial firms seeking collaboration opportunities.The third group, UNK_SparkyCarp, focused on credential harvesting through sophisticated…
-
Iranian Threat Actors Use AI-Generated Emails to Target Cybersecurity Researchers and Academics
Iranian state-backed Advanced Persistent Threat (APT) groups and their hacktivist allies have stepped up operations that could spark worldwide cyber retaliation in the wake of Israeli and American strikes on Iranian nuclear and military facilities in June 2025. While kinetic conflicts remain contained, the cyber domain has seen a surge in preparatory activities targeting U.S.…
-
PyPI Blocks Inbox.ru Domains After 1,500+ Fake Package Uploads
The Python Package Index (PyPI) has implemented an administrative block on the inbox.ru email domain, prohibiting its use for new user registrations and as additional verification addresses. This action stems from a recent campaign that exploited the domain to create over 250 fraudulent accounts, which in turn uploaded more than 1,500 empty projects. These bogus…
-
Email Hack Affects at Least 24 Cancer Care Practices
Organizations in 12 States Hit by 2024 Integrated Oncology Network Phishing Case. At least two dozen cancer care centers and oncology practices in 12 states are reporting to federal regulators that nearly 123,000 patients were affected by a 2024 email phishing breach involving its parent organization, Integrated Oncology Network, which is owned by Cardinal Health.…
-
Cracked Apps Delivering Infostealers Identified as Leading Attack Vector in June 2025
The AhnLab Security Intelligence Center (ASEC) published a thorough analysis in June 2025 that identified infostealer malware masquerading as keygens and cracked software as a primary attack vector. This malware uses advanced search engine optimization (SEO) poisoning to elevate malicious distribution sites in search results. ASEC’s automated malware collection systems, including crack monitoring, email honeypots,…
-
Email Filters Defeated by Polyglot File Trick Used in Malware Campaigns
Attackers are increasingly using advanced disguising techniques, such polyglot files, to get around email filters and successfully send phishing payloads in the constantly changing world of cyber threats. These polyglot files, which can be interpreted as multiple file formats simultaneously, allow malicious content to evade detection by appearing benign to security scanners. This shift marks…
-
Code Execution Through Email: How I Used Claude to Hack Itself
You don’t always need a vulnerable app to pull off a successful exploit. Sometimes all it takes is a well-crafted email, an LLM agent, and a few “innocent” plugins. This is the story of how I used a Gmail message to trigger code execution through Claude Desktop, and how Claude itself (!) helped me plan..…
-
How phishers are weaponizing SVG images in zero-click, evasive campaigns
Innovative, evasive, and targeted campaigns: Researchers pointed out that traditional endpoint detection, antivirus tools, and even email filters struggle to spot this threat because image files like SVGs are rarely considered dangerous. Compared to previous SVG-based attacks that used hosted payloads, this method keeps everything self-contained, further slipping past defenses.Victims span B2B service providers, utilities,…
-
UK Pet Owners Targeted by Fake Microchip Renewal Scams
Microchip renewal scam targets UK pet owners using leaked data from insecure registries. Emails appear legit but aim to steal money and personal info. First seen on hackread.com Jump to article: hackread.com/uk-pet-owners-targeted-fake-microchip-renewal-scams/
-
How defenders use the dark web
Tags: access, antivirus, attack, breach, corporate, credit-card, crypto, cyber, cybercrime, dark-web, data, data-breach, email, extortion, finance, fraud, government, group, hacker, healthcare, identity, incident, insurance, intelligence, Internet, interpol, law, leak, lockbit, mail, malware, monitoring, network, phishing, ransom, ransomware, service, software, theft, threat, tool, usa, vpnAttributing attacks to threat actors: When organizations suffer from data breaches and cyber incidents, the dark web becomes a crucial tool for defenders, including the impacted businesses, their legal teams, and negotiators.Threat actors such as ransomware groups often attack organizations to encrypt and steal their data so they can extort them for money, in exchange…
-
Red Bull-Themed Phishing Attacks Target Job Seekers’ Credentials
A few significant investments in email filtering, authentication procedures, and endpoint protection, attackers are constantly improving their techniques to circumvent automated security measures in a time when phishing is still a major cyberthreat. A recent campaign identified by Evalian’s Security Operations Center (SOC) exemplifies this evolution, employing sophisticated deception to target job seekers with spoofed…
-
Summarizing Emails With Gemini? Beware Prompt Injection Risk
Attackers Can Trick Gemini Into Displaying Deceptive Messages, Researchers Warn. Attackers can hide malicious instructions inside emails to trick Google’s Gemini into delivering falsified summaries with deceptive messages to end users, researchers warn. Google said it’s continuing to put multiple defenses in place to combat these types of prompt injection attacks. First seen on govinfosecurity.com…
-
Romanian police arrest 13 scammers targeting UK’s tax authority
Britain’s tax agency and Romanian police combined on an operation to break up a fraud ring that used phishing emails to capture U.K. taxpayer information. First seen on therecord.media Jump to article: therecord.media/romania-arrests-tax-fraud-ring-britain-hmrc
-
Google Gemini flaw hijacks email summaries for phishing
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-gemini-flaw-hijacks-email-summaries-for-phishing/
-
Security Affairs newsletter Round 532 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. McDonald’s job app exposes data of 64 Million applicants Athlete or Hacker? Russian basketball player accused…
-
Spyware Campaign Hits Russian Industrial Firms
Phishing Emails Disguise Malware as Contract Files. A Russian cybersecurity company is warning that hackers are targeting Russia’s industrial sector using a previously undocumented spyware, reeling them in with contract-themed emails lures. Kaspersky dubbed the spyware Batavia. but doesn’t attribute the campaign to a threat actor. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/spyware-campaign-hits-russian-industrial-firms-a-28928
-
Agentic AI Is Fueling a Rise of Deepfake Phishing Scams
Ironscales Founder, CEO Eyal Benishti Pushes to Expand AI Protection Beyond Email. Deepfake phishing is escalating as cybercriminals deploy agentic AI to automate everything from data collection to social engineering. Ironscales founder and CEO Eyal Benishti outlines how phishing is targeting communication platforms beyond email, and how defenders can keep up. First seen on govinfosecurity.com…
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
Trend Micro flags BERT: A rapidly growing ransomware threat
Low-code, high impact: BERT is not an isolated development, it is part of a growing wave of emerging ransomware groups that are proving both capable and elusive. In just the last three to four months, cybersecurity researchers have identified multiple new ransomware families that signal a shift toward leaner, low-code, and faster malware operations.For instance,…
-
July Patch Tuesday: 14 critical Microsoft vulnerabilities, one SAP hole rated at 10 in severity
Tags: access, attack, authentication, business, citrix, computer, control, credentials, cve, cvss, data, email, espionage, exploit, grc, microsoft, monitoring, network, ransomware, remote-code-execution, risk, sap, service, threat, update, vulnerability, windowsNetwork security: Allow PKU2U authentication requests to this computer to use online identities“.Tyler Reguly, Fortra’s associate director of security R&D, told CSO that, based on Microsoft’s presentation of the information, disabling this GPO will mitigate this vulnerability.The second priority is a fix for CVE-2025-49704, a SharePoint Remote Code Execution vulnerability, because it presents a critical risk to a…
-
AiLock ransomware: What you need to know
The AiLock ransomware gang gives its victims just 72 hours to respond and five days to pay up… or else. If you don’t comply? They will grass you up to regulators, email your competitors, and leak your data for good measure. First seen on fortra.com Jump to article: www.fortra.com/blog/ailock-ransomware