Tag: spam
-
Mail relays Part 2 – Problems with forwarded mail?
by
in SecurityNewsForwarded mail can be more trouble than it’s worth – especially when it’s done without checks, validation, or spam filtering. Typos, spamtraps, and forged senders can quickly snowball into blocklistings and delivery failures. In this second part on mail relays, we dive into the mess forwarding can cause, and what you can do to avoid…
-
Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials
by
in SecurityNewsCybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025.”The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox,” Cisco Talos…
-
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools
by
in SecurityNewsA new spam campaign is targeting Brazilian users with a clever twist, abusing the free trial period of trusted remote monitoring tools and the country’s electronic invoice system to spread malicious agents. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/spam-campaign-targeting-brazil-abuses-rmm-tools/
-
‘CoGUI’ Phishing Kit Helps Chinese Hackers Target Japan
by
in SecurityNewsJapan is being peppered with an overwhelming volume of spam, thanks to a new platform popular across the East China Sea. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/cogui-phishing-kit-chinese-hackers-japan
-
Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA
by
in SecurityNewsCybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data. As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient. Attackers deploy reverse proxies as intermediary servers to forward victim traffic to legitimate websites, creating an illusion…
-
Microsoft fixes Exchange Online bug flagging Gmail emails as spam
by
in SecurityNewsMicrosoft has resolved an issue with a machine learning model that mistakenly flagged emails from Gmail accounts as spam in Exchange Online. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-exchange-online-bug-flagging-gmail-emails-as-spam/
-
Beyond the Inbox: ThreatLabz 2025 Phishing Report Reveals How Phishing Is Evolving in the Age of GenAI
by
in SecurityNews
Tags: access, ai, attack, authentication, best-practice, captcha, cloud, control, credentials, crypto, cyber, cybercrime, data, defense, detection, dmarc, email, exploit, finance, google, identity, jobs, login, malicious, malware, mfa, phishing, radius, risk, scam, spam, strategy, tactics, technology, theft, threat, tool, vulnerability, zero-day, zero-trustGone are the days of mass phishing campaigns. Today’s attackers are leveraging generative AI (GenAI) to deliver hyper-targeted scams, transforming every email, text, or call into a calculated act of manipulation. With flawless lures and tactics designed to outsmart AI defenses, cybercriminals are zeroing in on HR, payroll, and finance teams”, exploiting human vulnerabilities with…
-
Microsoft fixes machine learning bug flagging Adobe emails as spam
by
in SecurityNewsMicrosoft says it mitigated a known issue in one of its machine learning (ML) models that mistakenly flagged Adobe emails in Exchange Online as spam. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-fixes-machine-learning-bug-flagging-adobe-emails-as-spam/
-
Agent Tesla Malware Uses Multi-Stage Attacks with PowerShell Scripts
by
in SecurityNewsResearchers from Palo Alto Networks have uncovered a series of malicious spam campaigns leveraging the notorious Agent Tesla malware through intricate, multi-stage infection vectors. The attack begins innocuously enough with the receipt of a socially engineered email, often crafted to appear legitimate and relevant to the recipient. These emails carry an archive attachment, which typically…
-
AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites
AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOne’s SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September…
-
Targeted phishing gets a new hook with real-time email validation
by
in SecurityNews
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
AkiraBot Floods 80,000 Sites After Outsmarting CAPTCHAs and Slipping Past Network Defenses
AkiraBot, identified by SentinelLABS, represents a sophisticated spam bot framework that targets website chats and contact forms to promote low-quality SEO services. Since its inception in September 2024, AkiraBot has impacted over 420,000 unique domains, successfully spamming at least 80,000 websites. It leverages both CAPTCHA evasion techniques and network detection evasion to elude website security…
-
AI-Powered AkiraBot Evades CAPTCHA to Spam 80,000 Websites
by
in SecurityNewsA new AI-powered framework dubbed “AkiraBot” has successfully spammed 80,000 websites since September 2024 First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/aipowered-akirabot-captcha-spam/
-
‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages
by
in SecurityNewsCAPTCHA-evading Python framework AkiraBot has spammed over 80,000 websites with AI-generated spam messages. The post ‘AkiraBot’ Spammed 80,000 Websites With AI-Generated Messages appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/akirabot-spammed-80000-websites-with-ai-generated-messages/
-
AkiraBot Targets 420,000 Sites with OpenAI-Generated Spam, Bypassing CAPTCHA Protections
by
in SecurityNewsCybersecurity researchers have disclosed details of an artificial intelligence (AI) powered platform called AkiraBot that’s used to spam website chats, comment sections, and contact forms to promote dubious search engine optimization (SEO) services such as Akira and ServicewrapGO.”AkiraBot has targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September First seen…
-
Precision-validated phishing: The rise of sophisticated credential theft
by
in SecurityNews
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, theft, threat, training‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.”The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
New AkiraBot Abuses OpenAI API to Spam Website Contact Forms
by
in SecurityNewsCybersecurity researchers have identified a new spam campaign driven by ‘AkiraBot,’ an AI-powered bot that targets small business… First seen on hackread.com Jump to article: hackread.com/akirabot-abuses-openai-api-spam-website-contact-forms/
-
Waski verbreitet Banking-Trojaner: auch deutsche Nutzer betroffen
by
in SecurityNewsWenn du in den letzten Tagen und Wochen eine Spam-E-Mail mit einer ZIP-Datei im Anhang bekommen hast, könnte es durchaus sein, dass es sich um eine Schadsoftware handelt, die es auf die Zugangsdaten deines Onlinebanking-Accounts abgesehen hat. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/03/26/waski-verbreitet-banking-trojaner-auch-deutsche-nutzer-betroffen/
-
Mumblehard: Linux-Malware verbreitet Spam über deinen Server
by
in SecurityNewsHeute decken ESET-Experten eine Linux-Malware-Familie auf, die bereits seit einiger Zeit ihr Unwesen treibt Linux/Mumblehard. Ein White Paper über die Bedrohung ist auf WeLiveSecurity als Download verfügbar. First seen on welivesecurity.com Jump to article: www.welivesecurity.com/deutsch/2015/04/29/mumblehard-linux-malware-verbreitet-spam-ueber-deinen-server/
-
Best Email Deliverability Tools
by
in SecurityNewsDiscover the best email deliverability tools to enhance inbox placement, monitor reputation, and prevent spam issues. Compare top solutions for improved email performance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/best-email-deliverability-tools/
-
PoisonSeed targets Mailchimp, Mailgun, and Zoho to phish high-value accounts
by
in SecurityNewsActivities align with CryptoChameleon: While many threat researchers have linked PoisonSeed actors to Scattered Spider, Silent Push believes the alignment is more accurate with the CryptoChameleon advanced phishing kit from 2024.The mailchimp-sso[.]com domain, which is the basis of the association made with Scattered Spider, was registered on Porkbun from the previous attack up until March…
-
PoisonSeed Exploits CRM Accounts to Launch Cryptocurrency Seed Phrase Poisoning Attacks
by
in SecurityNewsA malicious campaign dubbed PoisonSeed is leveraging compromised credentials associated with customer relationship management (CRM) tools and bulk email providers to send spam messages containing cryptocurrency seed phrases in an attempt to drain victims’ digital wallets.”Recipients of the bulk spam are targeted with a cryptocurrency seed phrase poisoning attack,” Silent Push said in an First…
-
How to Check Email Deliverability?
by
in SecurityNewsStruggling with emails landing in spam? Learn how to check email deliverability effectively, troubleshoot common issues, and improve inbox placement. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/04/how-to-check-email-deliverability/
-
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Threat actors are using the “mu-plugins” directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites.mu-plugins, short for must-use plugins, refers to plugins in a special directory (“wp-content/mu-plugins”) that are automatically executed by WordPress without the need to enable them explicitly via…
-
Hijacked Microsoft web domain injects spam into SharePoint servers
by
in SecurityNewsThe legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/hijacked-microsoft-stream-classic-domain-spams-sharepoint-sites/
-
Multistage Info-Stealer SnakeKeylogger Targets Individuals and Businesses to Steal Login Credentials
by
in SecurityNewsSnakeKeylogger, a sophisticated multistage malware, has emerged as a significant threat to both individuals and businesses by targeting sensitive login credentials. This malware campaign is characterized by its stealthy in-memory execution and multi-stage infection chain, making it challenging to detect. The attack begins with a malicious spam email containing a .img file attachment, which, when…
-
Exchange Online bug mistakenly quarantines user emails
by
in SecurityNewsMicrosoft is investigating an Exchange Online bug causing anti-spam systems to mistakenly quarantine some users’ emails. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-bug-mistakenly-quarantines-user-emails/