Tag: spam
-
Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts
A joint congressional report describes a spam operation that turned tens of thousands of fake podcasts into search-engine bait for illegal pharmacy and scam sites. First seen on wired.com Jump to article: www.wired.com/story/drug-sites-hijacked-spotifys-search-ranking-through-fake-podcasts-report-finds/
-
Proxmox releases Mail Gateway 9.1 with quarantine and backup encryption changes
Proxmox Mail Gateway 9.1 adds updated system components, changes to the spam quarantine interface, and encryption for backups. It works as a mail proxy positioned between the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/proxmox-mail-gateway-9-1-released/
-
Proxmox releases Mail Gateway 9.1 with quarantine and backup encryption changes
Proxmox Mail Gateway 9.1 adds updated system components, changes to the spam quarantine interface, and encryption for backups. It works as a mail proxy positioned between the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/11/proxmox-mail-gateway-9-1-released/
-
Payouts King Ransomware Bypasses EDR via Obfuscation and Direct Syscalls
Payouts King ransomware has emerged as a notable post-BlackBasta threat, leveraging advanced obfuscation and direct system calls to evade endpoint detection and response (EDR) solutions. Threat activity observed in early 2026 shows strong overlaps with historical BlackBasta tradecraft, particularly the use of spam bombing combined with phishing and vishing. In these campaigns, attackers overwhelm victims…
-
Modulare Malware macht Tech-Support-Scams besonders gefährlich
Zu Beginn des Angriffs wird der Posteingang des ausgemachten Opfers wie so oft mit einer Flut von Spam-E-Mails attackiert. Kurz darauf kontaktiert dann der Angreifer First seen on infopoint-security.de Jump to article: www.infopoint-security.de/modulare-malware-macht-tech-support-scams-besonders-gefaehrlich/a45252/
-
Scammers are abusing an internal Microsoft account to send spam links
The loophole allows spammers and scammers to send emails from a legitimate Microsoft email address typically used for sending genuine account alerts. First seen on techcrunch.com Jump to article: techcrunch.com/2026/05/21/scammers-are-abusing-an-internal-microsoft-account-to-send-spam/
-
Linux Torvalds Warns AI Bug Report Spam Is Disrupting Linux Security Discussions
Linux kernel creator Linus Torvald has warned that a flood of low”‘value, AI”‘generated bug reports is overwhelming the private Linux security mailing list and actively disrupting real security work. The new kernel documentation for Linux 7.1 now explicitly tells AI users to treat such findings as public bugs and to contribute thorough analysis and patches…
-
PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB Credentials
Tags: breach, cloud, container, credentials, cyber, data-breach, docker, extortion, framework, fraud, infrastructure, kubernetes, malware, spam, threat, wormA newly identified malware framework dubbed PCPJack is targeting exposed cloud and container infrastructure to steal credentials at scale while actively removing artifacts linked to the TeamPCP threat actor. Unlike typical cloud-focused campaigns, PCPJack skips cryptomining entirely and instead appears optimized for fraud, spam, extortion, and resale of stolen access. TeamPCP itself drew attention earlier in 2026…
-
Email Bombing, Fake IT Support Calls Drive Microsoft Teams Phishing Surge
Email bombing campaigns combined with fake IT support outreach are driving a surge in sophisticated Microsoft Teams phishing attacks. The attacks typically begin with email bombing, where victims are flooded with spam messages to create confusion and urgency. Shortly after, threat actors initiate contact via Microsoft Teams, impersonating internal IT support or helpdesk personnel. Posing…
-
Attacken auf Firmennetzwerke: Hacker tricksen Teams-Nutzer mit Spam aus
Google-Forscher warnen vor einer Hackergruppe, die Nutzer bei Microsoft Teams austrickst, um gefährliche Malware in Firmennetzwerke zu schleusen. First seen on golem.de Jump to article: www.golem.de/news/attacken-auf-firmennetzwerke-hacker-tricksen-teams-nutzer-mit-spam-aus-2604-208048.html
-
Neue Phishing-Welle nutzt Apple-Server für betrügerische Käufe
Eine neue Kampagne macht sich die automatisierten Sicherheitsmitteilungen von Apple zunutze, um gefälschte Benachrichtigungen über iPhone-Käufe zu versenden. Da die Nachrichten direkt über die offizielle Infrastruktur von Apple generiert werden, umgehen sie mühelos moderne Spam-Filter und täuschen selbst erfahrene Nutzer. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/phishing-welle-apple-server
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
Apple account change alerts abused to send phishing emails
Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple’s servers, increasing legitimacy and potentially allowing them to bypass spam filters. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-account-change-alerts-abused-to-send-phishing-emails/
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerabilityCloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments.The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
Google to penalize sites that hijack the back button
Google is broadening its spam policies to crack down on >>back button hijacking,<< a deceptive practice where websites interfere with browser navigation, blocking … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/14/google-back-button-hijacking/
-
The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks
Flashpoint analysts, working with partner financial institutions, have observed a growing number of PhaaS operations operating with a level of coordination and specialization more commonly associated with legitimate software platforms. These ecosystems bring together phishing kit developers, infrastructure providers, spam delivery services, and financially motivated actors into a single, scalable pipeline for fraud. First seen…
-
WhatsApp Adds Username Feature to Boost Privacy and Reduce Number Sharing
For years, WhatsApp required users to share their personal phone numbers to communicate. This is finally changing. To improve user privacy and mitigate risks like doxing or targeted spam, WhatsApp is rolling out a highly anticipated username feature. This update allows individuals to connect without exposing their phone numbers, offering a new layer of anonymity…
-
Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. >>Because the … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/09/saas-platforms-notification-systems-phishing/
-
Is Gmail Filtering Your Emails? Causes, Signs Fixes
Find out why Gmail is filtering your emails, what triggers its spam filters, and how to fix it, including authentication, sender reputation, and content issues. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/is-gmail-filtering-your-emails-causes-signs-fixes/
-
The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines
Cisco Talos has recently observed an increase in activity that is leveraging notification pipelines in popular collaboration platforms to deliver spam and phishing emails. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/weaponizing-saas-notification-pipelines/
-
36 Malicious Strapi npm Packages Deliver Redis RCE, Persistent C2 Malware
Tags: attack, control, credentials, cyber, malicious, malware, rce, remote-code-execution, spam, supply-chainA coordinated supply chain attack has been uncovered involving 36 malicious npm packages masquerading as Strapi CMS plugins, delivering a range of payloads including Redis remote code execution (RCE), credential harvesting, and persistent command-and-control (C2) malware. The campaign was carried out using four sock-puppet npm accounts umarbek1233, kekylf12, tikeqemif26, and umar_bektembiev1. Unlike typical npm spam…
-
Gmail’s New Rename Feature Could Add Spam and Phishing to Your Inbox
As of March 31st, Google is allowing users to change their primary Gmail address username. Although a nice feature for those who created unfortunate names originally, it may also undermine spam and phishing blocking. The feature is intended to allow the user account to be changed while keeping the underlying account intact. The original name…
-
Spam Anrufe: Diese Nummern sollten Sie sofort blockieren
Tags: spamBetrüger setzen auf Druck, gefälschte Identitäten und automatisiertes Number Cycling. Diese Nummern sind Spam Anrufe. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/spam-anrufe-diese-nummern-blockieren
-
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windowspostinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency.Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
-
Rspamd 4.0.0 ships memory savings, a new scan protocol, and a required migration step
The open-source spam filtering platform Rspamd released version 4.0.0, delivering infrastructure changes across its scan protocol, memory model, hash storage, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/rspamd-4-0-0-released/
-
Hybrid Vishing Campaigns Abuse Online Services to Evade Anti-Spam Filters
Fortra finds hybrid vishing now abuses trusted platforms to bypass filters and trick victims into calling attacker-controlled numbers. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/hybrid-vishing-campaigns-abuse-online-services-to-evade-anti-spam-filters/
-
Wegen Spam und Manipulation: X hat 2024 800 Millionen Nutzerkonten gesperrt
In einer Anhörung vor britischen Abgeordneten benannte X Russland, Iran und China als Hauptakteure bei Manipulationsversuchen auf der Plattform. First seen on golem.de Jump to article: www.golem.de/news/wegen-spam-und-manipulation-x-hat-2024-800-millionen-nutzerkonten-gesperrt-2603-206323.html
-
Twitter suspended 800 million accounts last year so why does manipulation remain so rampant?
Tags: spamElon Musk’s social media site says it suspended 800 million accounts in a year for spam and manipulation – but with state-backed campaigns still flooding the platform, the real question is how many fake accounts remain. First seen on bitdefender.com Jump to article: www.bitdefender.com/en-us/blog/hotforsecurity/twitter-suspended-800-million-accounts-last-year-so-why-does-manipulation-remain-so-rampant