Tag: email
-
Washington Post Staffer Emails Targeted in Cyber Breach
Journalists’ Microsoft accounts were breached, which would have given attackers access to emails of staff reporters covering national security, economic policy, and China. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/washington-post-staffer-emails-targeted-cyber-breach
-
Washington Post Hacked Multiple Journalists’ Email Accounts Compromised
The Washington Post confirmed late last week that its email systems were targeted in a cyberattack, resulting in the compromise of several journalists’ email accounts. >>The Wall Street Journal, which first reported the breach, said it was potentially the work of a foreign government.
-
Copilot AI Bug Could Leak Sensitive Data via Email Prompts
Microsoft Patched Flaw Allowing Attackers to Hijack Copilot Responses. A well-phrased email was all an attacker would have needed to trick Microsoft Copilot into handing over sensitive data until the operating system giant patched the vulnerability. The zero-click prompt injection attack vulnerability received a CVSS severity score of 9.3. First seen on govinfosecurity.com Jump to…
-
Washington Post’s email system hacked, journalists’ accounts compromised
Email accounts of several Washington Post journalists were compromised in a cyberattack believed to have been carried out by a foreign government. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/washington-posts-email-system-hacked-journalists-accounts-compromised/
-
Hackers Target and Hijack Washington Post Journalists’ Email Accounts
A targeted cyberattack has struck The Washington Post, compromising the email accounts of several of its journalists and raising new concerns about the digital security of newsrooms worldwide. The breach, discovered late last week, prompted an immediate and sweeping response from the newspaper’s leadership, including a reset of all employee login credentials and the launch…
-
Washington Post Journalists’ Microsoft Email Accounts Hacked
The Microsoft email accounts of several Washington Post journalists whose coverage includes national security and economic policy, including China, where hacked and could give the bad actors access to the messages that were sent and received. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/washington-post-journalists-microsoft-email-accounts-hacked/
-
New quantum system offers publicly verifiable randomness for secure communications
Tags: blockchain, communications, crypto, cyber, cybersecurity, docker, email, finance, government, Hardware, infrastructure, open-source, software, technology, threat, toolNature and detailed in an accompanying arXiv preprint, CURBy leverages the phenomenon of quantum entanglement, where particles maintain interconnected states regardless of distance, to create fundamentally unpredictable outputs.”From a security perspective, this approach offers something valuable the ability to independently verify that random numbers haven’t been compromised,” noted Narayan Gokhale, vice president at QKS Group.…
-
Hackers impersonating US government compromise email account of prominent Russia researcher
Keir Giles, the author of “Russia’s War on Everybody” and a consulting fellow at the Chatham House think tank, said attackers impersonated the U.S. State Department to hack into his email accounts. First seen on therecord.media Jump to article: therecord.media/keir-giles-russia-researcher-email-hacked
-
Microsoft shares temp fix for Outlook crashes when opening emails
Microsoft has shared a workaround for a known issue that causes the classic Outlook email client to crash when opening or starting a new message. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-classic-outlook-crashes/
-
Microsoft Purview DLP Now Controls Copilot’s Access to Sensitive Email Data
Microsoft is set to enhance data security in Microsoft 365 by extending Purview Data Loss Prevention (DLP) controls to Copilot’s handling of sensitive email data. Starting January 1, 2025, Microsoft 365 Copilot will be prevented from processing emails that carry sensitivity labels, marking a significant step forward in enterprise data protection. New Protections for Sensitive…
-
Cyberangriff auf EKonten einer US-Zeitung
Washington Post investigating cyberattack on journalists’ email accounts, source says First seen on reuters.com Jump to article: www.reuters.com/world/us/washington-post-investigating-cyberattack-journalists-wsj-reports-2025-06-15/
-
Hackers Leak Data of 10,000 VirtualMacOSX Customers in Alleged Breach
Hackers leak data of 10,000 VirtualMacOSX customers in alleged breach, exposing names, emails, passwords, and financial details on a hacking forum. First seen on hackread.com Jump to article: hackread.com/hackers-leak-virtualmacosx-customers-data-breach/
-
Security Affairs newsletter Round 528 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Palo Alto Networks fixed multiple privilege escalation flaws Unusual toolset used in recent Fog Ransomware attack…
-
Microsoft 365 Copilot: New Zero-Click AI Vulnerability Allows Corporate Data Theft
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-365-copilot-zeroclick-ai/
-
How to log and monitor PowerShell activity for suspicious scripts and commands
Block executable content from email client and webmailBlock executable files from running unless they meet a prevalence, age, or trusted list criterionBlock execution of potentially obfuscated scriptsBlock JavaScript or VBScript from launching downloaded executable contentBlock process creations originating from PSExec and WMI commands Log workstation PowerShell commands: Even without Microsoft Defender resources you need to…
-
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks.”Recently, attackers have introduced Python script execution alongside these techniques, using cURL requests to fetch and deploy malicious payloads,” ReliaQuest said in a report First…
-
Is attacker laziness enabled by genAI shortcuts making them easier to catch?
Tactics of attackers: The OpenAI report, published in June, detailed a variety of defenses the company has deployed against fraudsters. One, for example, involved bogus job applications.”We identified and banned ChatGPT accounts associated with what appeared to be multiple suspected deceptive employment campaigns. These threat actors used OpenAI’s models to develop materials supporting what may…
-
Beware of Instagram Growth Tools Stealing Login Credentials and Sending Them to Attackers
A discovery by Socket’s Threat Research Team has unveiled a malicious Python package named imad213, masquerading as an Instagram growth tool. Created by a threat actor identified as im_ad__213 with the associated email madmadimado59@gmail[.]com, this malware cunningly tricks users into surrendering their Instagram credentials. Deceptive Python Package Targets Instagram Users Promoted with a polished GitHub…
-
North Korean APT Hackers Target Users on Social Media to Spread Malware
The Genians Security Center (GSC) has uncovered a highly sophisticated Advanced Persistent Threat (APT) campaign orchestrated by the North Korean state-sponsored hacking group Kimsuky. Active between March and April 2025, this campaign, identified as part of the notorious ‘AppleSeed’ operation, targets individuals in South Korea through a multi-pronged approach using Facebook, email, and Telegram. Sophisticated…
-
ManageEngine Exchange Reporter Plus Vulnerability Enables Remote Code Execution
A critical security vulnerability has been discovered in ManageEngine Exchange Reporter Plus, a popular email monitoring and reporting solution, that could allow attackers to execute arbitrary commands on target servers. The vulnerability, assigned CVE-2025-3835, affects all builds up to version 5721 and has been addressed in the emergency security update released on May 29, 2025.…
-
New Zealand Government Mandates DMARC Under New Secure Email Framework
New Zealand mandates DMARC enforcement under its new Secure Government Email framework. Learn what this means and how agencies can ensure compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/new-zealand-government-mandates-dmarc-under-new-secure-email-framework/
-
Malicious npm Utility Packages Enable Attackers to Wipe Production Systems
Socket’s Threat Research Team has uncovered two malicious npm packages, express-api-sync and system-health-sync-api, designed to masquerade as legitimate utilities while embedding destructive backdoors capable of annihilating production systems. Published under the npm alias >>botsailer
-
Kimsuky Strikes Again Coordinated Attacks Target Facebook, Email, and Telegram
A recent investigation by Genians Security Center (GSC) has uncovered a highly sophisticated, multi-channel cyber espionage campaign attributed to the North Korea-aligned advanced persistent threat (APT) group known as Kimsuky. Between March and April 2025, the group leveraged Facebook, email, and Telegram to infiltrate targets primarily within the defense sector, North Korea-related activists, and cryptocurrency…
-
Employees repeatedly fall for vendor email compromise attacks
In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who had engaged with a … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/09/vendor-email-compromise-attacks-vec/
-
Malicious Browser Extensions Infect Over 700 Users Across Latin America Since Early 2025
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.”Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack,” Positive Technologies security…
-
Security Affairs newsletter Round 527 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from…
-
Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025
Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to infect users with a malicious extension for Chromium-based web browsers and siphon user authentication data.”Some of the phishing emails were sent from the servers of compromised companies, increasing the chances of a successful attack,” Positive Technologies security…
-
Cybersecurity Snapshot: Experts Issue Best Practices for Migrating to Post-Quantum Cryptography and for Improving Orgs’ Cyber Culture
Tags: access, attack, best-practice, business, cio, ciso, communications, computer, computing, conference, corporate, crypto, cryptography, cyber, cybersecurity, data, defense, email, encryption, finance, government, group, ibm, identity, incident, incident response, infrastructure, jobs, lessons-learned, metric, microsoft, mitre, monitoring, nist, risk, service, strategy, technology, threat, tool, training, update, vulnerability, vulnerability-management, warfareCheck out a new roadmap for adopting quantum-resistant cryptography. Plus, find out how your company can create a better cybersecurity environment. In addition, MITRE warns about protecting critical infrastructure from cyber war. And get the latest on exposure response strategies and on CISO compensation and job satisfaction. Dive into five things that are top of…