Topic: email security
-
Unmask Email Leaks With This Simple Alias Trick
Plus addressing allows you to append a unique identifier to your email address, helping trace which companies mishandle your contact information by revealing the source of unwanted emails. This method involves adding a plus symbol and a descriptive word to your email when signing up for services,...
Read More » -
Is Your SOC Ready for Business Email Compromise?
Business email compromise (BEC) attacks use psychological manipulation rather than technical exploits, bypassing traditional security by mimicking trusted communications and requiring intensive manual investigation. These scams evade detection because they lack malicious code, making them invisib...
Read More » -
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
Read More » -
How Hackers Poison AI and How to Stop Them
Cybercriminals are leveraging AI to create sophisticated spam, malicious code, and phishing campaigns, while also directly targeting AI systems to exploit vulnerabilities. Attackers use AI to refine deceptive communications through A/B testing and exploit AI assistants and security tools, leading...
Read More » -
Barracuda Research: Your Hub for Global Threat Intelligence
Barracuda Networks has launched Barracuda Research, a centralized hub providing threat intelligence and cybersecurity analysis to help organizations identify risks and implement protective measures. A study reveals that 31% of businesses with up to 2,000 employees struggle to handle cyberthreat i...
Read More » -
Google Ignores Critical Gemini ASCII Attack
A newly discovered ASCII smuggling vulnerability in Google's Gemini AI allows attackers to use invisible Unicode characters to manipulate the system, potentially spreading false information or accessing unauthorized data. This security flaw affects multiple AI platforms including Google Gemini, D...
Read More » -
Rust Developers Targeted in New Phishing Campaign
A new phishing campaign is targeting Rust developers via emails that mimic official security breach notifications from the Rust Foundation, attempting to steal GitHub credentials. The fraudulent messages directed users to a fake login portal, but officials confirmed no actual breach occurred and ...
Read More » -
New MatrixPDF Toolkit Weaponizes PDFs for Phishing Attacks
MatrixPDF is a malicious toolkit that transforms harmless PDFs into phishing tools, redirecting users to credential harvesting pages or initiating malware downloads, and is marketed on underground forums and Telegram. The toolkit offers features like drag-and-drop importing, real-time previews, a...
Read More » -
Salesloft & Drift Breach Results, Malicious GitHub Installers Exposed
Major platforms like Salesloft and Drift were breached via unauthorized GitHub access, emphasizing the need for strong access controls and monitoring. A malvertising campaign in the EU is distributing fake GitHub Desktop installers to deliver malware, urging IT professionals to verify software so...
Read More » -
Your Android's 2FA and Messages Aren't Safe From Hackers
A security flaw called Pixnapping allows malicious apps to intercept sensitive data like two-factor codes and private messages without requiring special permissions by exploiting screen display mechanisms. The attack works by forcing targeted apps to show confidential information on screen, where...
Read More » -
Microsoft Now Auto-Archives Exchange Emails by Default
Microsoft has made threshold-based auto-archiving the default in Exchange Online, automatically moving older items to an archive when mailbox usage nears 90% to prevent disruptions. This proactive system monitors mailbox size continuously, archiving the oldest content first to maintain functional...
Read More »
