Tag: email
-
GitHub and Jira Alerts Hijacked for Trusted-SaaS Phishing
Hackers are abusing GitHub and Jira’s built”‘in notification systems to send phishing emails that appear completely legitimate. Because these emails are sent from the platforms’ own mail servers, they pass standard checks like SPF, DKIM, and DMARC, making them very hard for traditional email gateways to block. The messages are routed via the official mail…
-
Google Brings EndEnd Encrypted Gmail to Android and iPhone
Google has officially expanded Gmail’s end-to-end encryption (E2EE) feature to Android and iOS devices, empowering organizations and users to protect the confidentiality of email content directly from their mobile devices. This enhancement is part of Gmail’s client-side encryption (CSE) program, enabling stricter compliance controls and preserving data sovereignty across regulated industries. With this new rollout, Gmail users can…
-
Security Affairs newsletter Round 572 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with…
-
Google Extends Gmail Encryption to Mobile, but Limits Access to Enterprise Tier
Google has expanded its encryption capabilities in Gmail to mobile devices, enabling enterprise customers to transmit encrypted emails directly within the app on both Android and iOS. The update removes a limitation that previously restricted native encrypted email use on mobile devices. The rollout allows eligible users to compose and read encrypted messages natively, without..…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
TDL 019 – The Psychology Behind a Cyber Breach and the Leaders Who Survive It – Nim Nadarajah
Tags: access, ai, apple, automation, breach, business, cctv, ceo, cio, ciso, cloud, computing, conference, control, corporate, crowdstrike, cve, cyber, cyberattack, cybersecurity, data, dns, edr, email, finance, firewall, governance, group, healthcare, incident, incident response, infrastructure, injection, insurance, Internet, jobs, law, LLM, metric, microsoft, msp, network, office, powershell, privacy, programming, psychology, risk, saas, service, siem, soar, soc, software, startup, strategy, supply-chain, switch, technology, threat, tool, training, usa, vulnerability, windows, zero-trustLeading Through the Cyber Abyss In Episode 019 of The Defender’s Log, host David Redekop sits down with Nim Nadarajah, CISO and Managing Partner of Critical Matrix, to explore the evolving landscape of cybersecurity leadership. From the “annual pilgrimage” of RSAC 2026 to the front lines of incident response, the conversation shifts from technical bits…
-
Breach of Confidence: 10 April 2026
I spent most of one day this week trying to access a perfectly ordinary online service and felt like I was applying for witness protection. By the end of it, I’d supplied a password, a code, a backup code, a second email, and what felt like several pieces of emotional verification. We are constantly told……
-
Google rolls out Gmail endend encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/google/google-rolls-out-gmail-end-to-end-encryption-on-mobile-devices/
-
CMMC compliance in the age of AI
Tags: access, ai, automation, awareness, business, compliance, control, data, detection, email, governance, government, grc, metric, risk, tool, trainingThe primary readiness gap: data scope awareness: Central to preparation is gaining a complete understanding of the data subject to CMMC 2.0 controls. Many organizations are still struggling to define the full scope of systems, workflows and third-party relationships that process or store CUI. When contractors conduct detailed CMMC-focused data inventories, it’s common that they’ll…
-
What to Know About CyberAv3ngers: The IRGC-Linked Group Targeting Critical Infrastructure
Tags: access, advisory, ai, attack, authentication, automation, backup, cctv, chatgpt, cisa, communications, compliance, control, credentials, crypto, cve, cyber, cybersecurity, data, data-breach, defense, detection, dns, email, exploit, finance, firewall, flaw, government, group, healthcare, infrastructure, intelligence, international, Internet, iot, iran, kev, leak, linux, malicious, malware, mitigation, mitre, monitoring, network, office, openai, password, radius, resilience, risk, router, service, siem, software, strategy, switch, technology, threat, tool, update, vpn, vulnerability, vulnerability-managementAn Iran-affiliated threat group has evolved from defacing water utility displays to deploying custom ICS malware and exploiting Rockwell Automation PLCs across multiple U.S. critical infrastructure sectors. Key takeaways: CyberAv3ngers is a state-directed threat group operating under Iran’s IRGC Cyber-Electronic Command. The U.S. Treasury sanctioned six named officials in February 2024 and the State Department…
-
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months
Tags: access, adobe, attack, ciso, control, data, email, exploit, hacker, incident response, malicious, malware, monitoring, resilience, risk, sans, software, technology, threat, tool, update, vulnerabilityA high risk exploit: Kellman Meghu, chief technology officer at Canadian incident response firm DeepCove Security, called the exploit “a very high risk.”So far it looks as though this particular malware just exfiltrates data, he said. But it implies there is an ability or capability to turn it into a vehicle for remote code execution.…
-
The Web Is Full of Traps, and AI Agents Walk Right into Them
The enterprise is deploying AI agents at a pace that has outrun every security framework written to govern them. These agents don’t just answer questions, they browse websites, retrieve documents, call APIs, execute code, manage email, initiate financial transactions, and spawn sub-agents to tackle complex workflows. They operate autonomously, at machine speed, often with.. First…
-
Scammers pose as Amazon support to steal your account
A new wave of Amazon refund scams is spreading, hitting both email inboxes and text messages. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/scammers-pose-as-amazon-support-to-steal-your-account/
-
Scammers pose as Amazon support to steal your account
A new wave of Amazon refund scams is spreading, hitting both email inboxes and text messages. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/scammers-pose-as-amazon-support-to-steal-your-account/
-
Scammers pose as Amazon support to steal your account
A new wave of Amazon refund scams is spreading, hitting both email inboxes and text messages. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/scammers-pose-as-amazon-support-to-steal-your-account/
-
Microsoft locks out VeraCrypt and WireGuard devs, blames verification process
No emails, no warnings, no humans just bots, catch-22s, and a 60-day appeals queue First seen on theregister.com Jump to article: www.theregister.com/2026/04/09/microsoft_dev_account_deactivations/
-
Turning Email Authentication into a Revenue Engine: Why Australian MSPs Can’t Afford to Ignore DMARC-as-a-Service
Originally published at Turning Email Authentication into a Revenue Engine: Why Australian MSPs Can’t Afford to Ignore DMARC-as-a-Service by Tim Sergent. By Allan Richards, Global MSP Lead at EasyDMARC … First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/turning-email-authentication-into-a-revenue-engine-why-australian-msps-cant-afford-to-ignore-dmarc-as-a-service/
-
Fake Security Tool Spreads LucidRook in Taiwan Cyberattacks
Hackers are using fake security tools and cleverly crafted phishing emails to secretly deploy a new malware family, LucidRook, against organizations in Taiwan. The campaign, tracked as UAT-10362, focuses on Taiwanese NGOs and likely universities and shows a high level of planning, stealth, and technical sophistication. The operation relies on spear-phishing emails sent via what appears…
-
Quantum-Safe Email: S/MIME and Post-Quantum Email Security
Your Email is Encrypted Today, but Will It Hold Up Tomorrow? Awakening one day to discover that every “secure email” you’ve ever written was not secure at all. Your client contracts, financial spreadsheets, and confidential boardroom conversations”¦ all revealed as if they were open texts. It’s the quantum future that we’re hurtling toward. The encryptionRead…
-
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. >>Because the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/saas-platforms-notification-systems-phishing/
-
Meta Business Alerts Abused for Phishing Campaigns
Hackers are weaponizing legitimate Meta Business Manager notifications to sneak phishing emails past security filters and into users’ inboxes. By abusing trusted Meta infrastructure, attackers make their messages appear authentic while quietly funneling victims to credential”‘stealing pages. Because Meta systems generate these invites, the emails come from real Meta domains such as facebookmail.com and pass…
-
AI Security Risks: How Enterprises Manage LLM, Shadow AI and Agentic Threats FireTail Blog
Tags: access, ai, api, attack, breach, business, ciso, cloud, compliance, conference, control, cybersecurity, data, data-breach, detection, email, endpoint, exploit, finance, framework, gartner, GDPR, governance, guide, infrastructure, injection, LLM, malicious, microsoft, monitoring, network, nvidia, office, regulation, risk, saas, software, threat, tool, training, vulnerabilityApr 08, 2026 – – Quick Facts: Enterprise AI Security Most enterprises are running AI at scale before their security teams have visibility into it. Shadow AI (unsanctioned AI tools spreading department by department) is now the most common entry point for data leakage. Agentic AI introduces a new category of risk: autonomous systems that…
-
The Growing Abuse of GitHub and GitLab in Phishing Campaigns
Threat actors are increasingly abusing trusted platforms like GitHub and GitLab to host malware and credential phishing pages, allowing malicious links to bypass email security because these domains are widely trusted and cannot easily be blocked. The volume of these campaigns has grown significantly since 2021, with 2025 accounting for nearly half of all activity,…
-
EvilTokens Uses Stolen Microsoft 365 Tokens, AI to Supercharge BEC
EvilTokens is a new Phishing-as-a-Service (PhaaS) platform that turns stolen Microsoft 365 tokens and AI into an end”‘to”‘end factory for Business Email Compromise (BEC) at scale. By combining device-code phishing, custom tooling, and large language models, it enables low- to mid-skill threat actors to run highly tailored BEC operations in minutes rather than days. First…
-
Dutch healthcare software vendor goes dark after ransomware attack
ChipSoft’s website remains down but emails are functioning First seen on theregister.com Jump to article: www.theregister.com/2026/04/08/chipsoft_ransomware/
-
Cyber Fraud Cost Americans $17 Billion in 2025, AI Scams Make List: FBI
Cyber-driven fraud from investment schemes to business email compromise (BEC) to confidence and romance scams accounted for almost 85% of the losses Americans suffered through fraud crimes last year, totaling an eye-watering $17.7 billion in money stolen, according to the FBI. It also made up 45% of all the fraud-related complaints to the.. First seen…
-
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-americans-lost-a-record-21-billion-to-cybercrime-last-year/
-
5 steps to strengthen supply chain security and improve cyber resilience
Tags: access, api, attack, authentication, automation, backup, breach, business, cloud, control, credentials, cyber, data, defense, detection, dns, edr, email, endpoint, exploit, framework, governance, identity, infrastructure, mfa, monitoring, msp, network, radius, resilience, risk, saas, service, siem, soc, software, strategy, supply-chain, threat, tool, update, vulnerability, zero-trustAll software vendors and SaaS platformsOpen”‘source components embedded in your applicationsMSP or IT service providersCloud infrastructure and authentication servicesAPI integrations and automation workflowsOnce documented, classify each supplier by the impact they would have if compromised. A remote monitoring tool or authentication platform represents far greater risk than a basic productivity app. This prioritization helps you…