Security News

Microsoft 365 Admin portal abused to send sextortion emails
2024-11-18 12:08

The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the emails appear trustworthy and bypassing email security platforms. [...]

Gmail's New Shielded Email Feature Lets Users Create Aliases for Email Privacy
2024-11-18 11:15

Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first...

Phishing emails increasingly use SVG attachments to evade detection
2024-11-17 16:25

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. [...]

Russian Hackers Exploit New NTLM Flaw to Deploy RAT Malware via Phishing Emails
2024-11-14 05:43

A newly patched security flaw impacting Windows NT LAN Manager (NTLM) was exploited as a zero-day by a suspected Russia-linked actor as part of cyber attacks targeting Ukraine. The vulnerability...

Microsoft Exchange adds warning to emails abusing spoofing flaw
2024-11-12 21:45

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...]

New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
2024-11-12 14:00

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed...

Don't open that 'copyright infringement' email attachment – it's an infostealer
2024-11-07 22:18

Curiosity gives crims access to wallets and passwords Organizations should be on the lookout for bogus copyright infringement emails as they might be the latest ploy by cybercriminals to steal their data.…

Beware of phishing emails delivering backdoored Linux VMs!
2024-11-05 13:54

Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The...

Threat actors are stepping up their tactics to bypass email protections
2024-11-01 04:30

Although most organizations use emails with built-in security features that filter out suspicious messages, criminals always find a way to bypass these systems. With the development of AI...

Gang gobbles 15K credentials from cloud and email providers' garbage Git configs
2024-10-31 23:59

Emeraldwhale gang looked sharp – until it made a common S3 bucket mistake A criminal operation dubbed Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to...