Tag: email

nOAuth Lives on in Cloud App Logins Using Entra ID

Jun 25, 2025 4:36 PM

Tags: cloud, computing, email, flaw, hacker, login, microsoft, saas, vulnerability

Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra ID. A flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers – notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth. First seen on govinfosecurity.com…
Africa Sees Surge in Cybercrime as Law Enforcement Struggles

Jun 25, 2025 8:35 AM

Tags: business, crime, cybercrime, email, law, ransomware, scam

Cybercrime accounts for more than 30% of all reported crime in East Africa and West Africa, with online scams, ransomware, business email compromise, and digital sextortion taking off. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/africa-surge-cybercrime-law-enforcement-struggles
Trezor’s support platform abused in crypto theft phishing attacks

Jun 24, 2025 7:35 PM

Tags: attack, crypto, email, phishing, theft

Trezor is alerting users about a phishing campaign that abuses its automated support system to send deceptive emails from its official platform. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/trezors-support-platform-abused-in-crypto-theft-phishing-attacks/
Over 2,000 Devices Compromised by Weaponized Social Security Statement Phishing Attacks

Jun 24, 2025 5:35 PM

Tags: attack, cyber, cybercrime, email, exploit, malicious, phishing

CyberArmor analysts have uncovered a meticulously crafted phishing campaign that has already compromised over 2,000 devices by exploiting the trusted theme of Social Security Administration (SSA) statements. Cybercriminals behind this operation deployed a highly convincing email lure masquerading as an official SSA communication, deceiving users into downloading malicious software. The campaign’s technical sophistication, coupled with…
Breaking news the Washington Post has been hacked

Jun 24, 2025 2:36 PM

Tags: email

The Washington Post says that the email accounts of some of its journalists have been hacked. First seen on grahamcluley.com Jump to article: grahamcluley.com/breaking-news-the-washington-post-has-been-hacked/
Yes, the Co-op lost your data. Have a £10 shopping voucher

Jun 24, 2025 1:35 PM

Tags: attack, cyber, data, email, hacker

The Co-op is offering a £10 shopping discount to members after a cyber-attack saw hackers steal personal data including names, home address, email addresses, and membership card numbers. First seen on grahamcluley.com Jump to article: grahamcluley.com/yes-the-co-op-lost-your-data-have-a-10-shopping-voucher/
Unstructured Data Management: Closing the Gap Between Risk and Response

Jun 24, 2025 11:35 AM

Tags: access, ai, business, cio, ciso, cloud, compliance, control, data, email, encryption, finance, framework, GDPR, HIPAA, intelligence, monitoring, PCI, regulation, risk, service, software, strategy, threat, update, windows

Unstructured Data Management: Closing the Gap Between Risk and Response madhav Tue, 06/24/2025 – 05:44 The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by an ever-growing data estate. More than 181 zettabytes of data now exist globally”, and 80% of it…
Google Integrates GenAI to Counter Indirect Prompt Injection Attack Vectors

Jun 23, 2025 11:35 PM

Tags: ai, attack, cyber, cybersecurity, data, email, google, injection, malicious, threat

Google has revealed a thorough protection technique aimed at indirect prompt injection attacks, a subtle but powerful threat, marking a major advancement in cybersecurity in the age of generative AI. Unlike direct prompt injections, where malicious commands are overtly inserted into AI prompts, indirect injections embed harmful instructions within external data sources such as emails,…
APT36 Hackers Target Indian Defense Personnel with Sophisticated Phishing Campaign

Jun 23, 2025 10:35 PM

Tags: cyber, defense, email, espionage, government, group, hacker, india, malicious, phishing

APT36, also known as Transparent Tribe, a Pakistan-based cyber espionage group, has launched a highly sophisticated phishing campaign targeting Indian defense personnel. According to recent findings by CYFIRMA, this group has meticulously crafted phishing emails that deliver malicious PDF attachments disguised as official government documents. Cyber Espionage Group Transparent Tribe Strikes Again These deceptive files…
Shadow Vector Malware Uses SVG Images to Deliver AsyncRAT and RemcosRAT Payloads

Jun 23, 2025 9:35 PM

Tags: attack, cyber, email, exploit, malicious, malware, phishing, spear-phishing, threat

Acronis Threat Research Unit (TRU) has discovered a startling development: a malicious campaign called >>Shadow Vector
Microsoft Enhances Defender for Office 365 with Detailed Spam and Phishing Analysis

Jun 23, 2025 2:35 PM

Tags: ai, cyber, email, microsoft, office, phishing, spam

Microsoft has announced a significant upgrade to its Defender for Office 365 platform, introducing a new AI-powered capability designed to provide unprecedented clarity into why emails are classified as spam, phishing, or clean. This enhancement, powered by large language models (LLMs), aims to bolster email security for organizations worldwide by offering clear, human-readable explanations for…
Stellar Repair For Outlook: A Comprehensive Review Of The Ultimate PST Repair Tool

Jun 23, 2025 1:35 PM

Tags: cyber, data, email, microsoft, tool

Microsoft Outlook is a cornerstone of professional and personal communication, relied upon by millions for email management, calendaring, and task organization. However, Outlook’s Personal Storage Table (PST) files, which store emails, contacts, calendars, and other data, are prone to corruption due to various factors. When PST files become corrupted, users face disruptions, ranging from missing…
71% of new hires click on phishing emails within 3 months

Jun 23, 2025 7:35 AM

Tags: attack, email, jobs, phishing, social-engineering

New hires are more likely to fall for phishing attacks and social engineering than longer-term employees, especially in their first 90 days, according to Keepnet. Why new … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/23/new-hire-phishing-risk/
Security Affairs newsletter Round 529 by Pierluigi Paganini INTERNATIONAL EDITION

Jun 22, 2025 6:35 PM

Tags: android, country, cyberattack, email, international, Internet, iran, WeeklyReview

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Iran confirmed it shut down internet to protect the country against cyberattacks Godfather Android trojan uses…
Threat Actors Exploit Vercel Hosting Platform to Distribute Remote Access Malware

Jun 20, 2025 8:36 PM

Tags: access, cyber, email, exploit, malicious, malware, phishing, threat

CyberArmor has uncovered a sophisticated phishing campaign exploiting Vercel, a widely used frontend hosting platform, to distribute a malicious variant of LogMeIn, a legitimate remote access tool. Over the past two months, threat actors have orchestrated at least 28 distinct campaigns, targeting more than 1,271 users with deceptive emails that lead to fraudulent pages hosted…
Cybersecurity Snapshot: Tenable Report Spotlights Cloud Exposures, as Google Catches Pro-Russia Hackers Impersonating Feds

Jun 20, 2025 7:35 PM

Tags: access, advisory, ai, api, apple, attack, authentication, best-practice, business, cisa, cisco, cloud, conference, container, control, credentials, cve, cyber, cybersecurity, data, data-breach, detection, email, encryption, endpoint, exploit, google, governance, government, group, guide, hacker, Hardware, identity, infrastructure, intelligence, Internet, kubernetes, linux, macOS, microsoft, mitigation, mobile, monitoring, network, oracle, password, phishing, ransomware, risk, russia, service, social-engineering, software, sql, strategy, tactics, technology, threat, tool, update, vmware, vulnerability, windows

Check out highlights from Tenable’s “2025 Cloud Security Risk Report,” which delves into the critical risk from insecure cloud configurations. Plus, Google reveals a Russia-sponsored social engineering campaign that targeted prominent academics’ Gmail accounts. And get the latest on AI system security, just-in-time access, CIS Benchmarks and more! Dive into six things that are top…
How to conduct an effective post-incident review

Jun 20, 2025 9:35 AM

Tags: breach, business, ciso, compliance, credentials, cyber, cybersecurity, detection, email, finance, governance, group, incident, incident response, lessons-learned, phishing, risk, service, software, tool, training, update, vulnerability

Perform a root-cause analysis: Your post-incident review must include a root-cause analysis, Taylor says. “Identifying the underlying issues that caused the incident is essential for avoiding future cyber incidents,” he says.The post-incident review team should examine the root causes of the incident, whether they are technical, procedural, or human-related, and implement corrective actions and preventive…
Is Cold Email Still Effective in 2025? Best Practices for Outreach and Security

Jun 20, 2025 8:35 AM

Tags: best-practice, email

Cold email still works in 2025″, but only if done right. Learn best practices, deliverability tips, and how to secure your domain for real results. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/is-cold-email-still-effective-in-2025-best-practices-for-outreach-and-security/
Understanding EchoLeak: What This Vulnerability Teaches Us About Application Security – Impart Security

Jun 20, 2025 5:35 AM

Tags: access, ai, application-security, attack, awareness, business, control, cybersecurity, data, defense, detection, email, exploit, framework, incident response, least-privilege, lessons-learned, malicious, microsoft, mitigation, monitoring, network, risk, risk-assessment, service, strategy, threat, tool, training, unauthorized, vulnerability, waf

Understanding EchoLeak: What This Vulnerability Teaches Us About AI Security The recent disclosure of EchoLeak by Aim Labs marks a significant milestone in AI security research. As the first documented zero-click exploit targeting a production AI system, it offers valuable insights into the emerging threat landscape that security professionals need to understand and prepare for.…
Microsoft Defender for Office 365 to Block Email Bombing Attacks

Jun 19, 2025 9:35 PM

Tags: attack, email, microsoft, office

First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/microsoft-defender-for-office-365-to-block-email-bombing-attacks/
Spamhaus’ take on Cold Emailing”¦AKA spam

Jun 19, 2025 8:36 PM

Tags: email, spam

Cold emailing, as it’s practiced today, is spam, for inboxes, businesses, and the internet. It’s a thriving industry, but one raising concerns in the email community. In this article we define cold emailing from our perspective, share concerns about its misuse, particularly in B2B communication, and highlight the organizations enabling it. First seen on securityboulevard.com…
ChatGPT will analyze Gmail emails, manage schedule on Google Calendar

Jun 19, 2025 4:35 PM

Tags: chatgpt, email, google

ChatGPT appears to be testing support for Gmail and Google Calendar integration. This will allow users to summarise emails and create events. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-will-analyze-gmail-emails-manage-schedule-on-google-calendar/
Hackers Use VBScript Files to Deploy Masslogger Credential Stealer Malware

Jun 19, 2025 2:35 PM

Tags: credentials, cyber, email, exploit, hacker, malicious, malware, spam, threat, windows

Seqrite Labs has uncovered a sophisticated variant of the Masslogger credential stealer malware being distributed through VBScript Encoded (.VBE) files. This advanced threat, which likely spreads via spam emails or drive-by downloads, operates as a multi-stage fileless malware, heavily exploiting the Windows Registry to store and execute its malicious payload without writing files to disk.…
Think Before You Click: ‘Unsubscribe’ Buttons Could Be a Trap, Experts Warn

Jun 17, 2025 9:54 PM

Tags: email, identity, malware, phishing

Clicking “unsubscribe” on suspicious emails may do more harm than good”, experts warn these links can lead to phishing, malware, or even identity theft. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/unsubscribe-buttons-could-be-a-trap/
Beware: Weaponized Research Papers Delivering Malware Through Password-Protected Documents

Jun 17, 2025 7:54 PM

Tags: cyber, email, hacking, intelligence, malware, password, phishing

The AhnLab Security Intelligence Center (ASEC) recently made the concerning revelation that the infamous Kimsuky hacking organization was connected to a crafty phishing email campaign that targeted unwary people. Disguised as a seemingly legitimate request for a paper review from a professor, these emails lure recipients into opening a password-protected HWP document embedded with a…
Hacker steals 1 million Cock.li user records in webmail data breach

Jun 17, 2025 4:54 PM

Tags: breach, data, data-breach, email, exploit, flaw, hacker, threat

Email hosting provider Cock.li has confirmed it suffered a data breach after threat actors exploited flaws in its now-retired Roundcube webmail platform to steal over a million user records. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hacker-steals-1-million-cockli-user-records-in-webmail-data-breach/
Phishing goes prime time: Hackers use trusted sites to hijack search rankings

Jun 17, 2025 3:54 PM

Tags: access, attack, awareness, breach, communications, cybercrime, data, email, google, group, hacker, malicious, organized, phishing, service, software, tool, training, unauthorized

An organized operation currently limited to Turkey: Hacklink is currently letting cybercriminals browse and buy access to thousands of hacked websites, with listings costing as little as $1 per unit, and .gov or high-authority domains fetching even more.The operation appears to be highly organized, with groups like “Neon SEO Academy” and “SEOLink” offering illicit SEO…
Taiwan Hit by Sophisticated Phishing Campaign

Jun 17, 2025 3:54 PM

Tags: email, malware, phishing

Phishing campaign targeting Taiwan has been identified, using tax-themed emails and malware like Winos and HoldingHands First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/taiwan-hit-phishing-campaign/
State-sponsored hackers compromised the email accounts of several Washington Post journalists

Jun 17, 2025 10:54 AM

Tags: china, cyberattack, email, hacker, microsoft

State-sponsored hackers compromised the email accounts of several journalists working at the Washington Post. A cyberattack, likely carried out by state-sponsored hackers, compromised the Microsoft email accounts of Washington Post journalists, including reporters covering China and national security. >>A cyberattack on the Washington Post compromised email accounts of several journalists and was potentially the work…
Katz Stealer Boosts Credential Theft with System Fingerprinting and Persistence Mechanisms

Jun 16, 2025 9:54 PM

Tags: credentials, cyber, data, email, malware, phishing, service, software, theft

The emergence of Katz Stealer, a sophisticated information-stealing malware-as-a-service (MaaS) that is redefining the boundaries of credential theft. First detected this year, Katz Stealer combines aggressive data exfiltration with advanced system fingerprinting, stealthy persistence mechanisms, and evasive loader tactics. Distributed primarily through phishing emails and fake software downloads, this malware targets a vast array of…