Topic: email security
-
The Hidden Vulnerabilities in Email Security
Email is the primary cyberattack vector, with malware, scams, and phishing attempts surging by over 130%, 30%, and 20% respectively, causing widespread operational disruptions. Over 78% of organizations experienced an email breach last year, with phishing and impersonation being the most common m...
Read More » -
Darktrace Email Boosts Detection, DLP, and SOC Tools
Darktrace has enhanced its EMAIL platform to better detect sophisticated multi-channel attacks and prevent data loss, using its core Self-Learning AI to identify behavioral anomalies that bypass traditional security tools like secure email gateways. The platform addresses cross-channel threats, s...
Read More » -
Unmask Email Leaks With This Simple Alias Trick
Plus addressing allows you to append a unique identifier to your email address, helping trace which companies mishandle your contact information by revealing the source of unwanted emails. This method involves adding a plus symbol and a descriptive word to your email when signing up for services,...
Read More » -
Is Your SOC Ready for Business Email Compromise?
Business email compromise (BEC) attacks use psychological manipulation rather than technical exploits, bypassing traditional security by mimicking trusted communications and requiring intensive manual investigation. These scams evade detection because they lack malicious code, making them invisib...
Read More » -
Libraesva ESG Zero-Day Exploited in Active Attacks (CVE-2025-59689)
A critical zero-day vulnerability (CVE-2025-59689) in the Libraesva Email Security Gateway is being actively exploited by a suspected state-sponsored actor, allowing arbitrary command execution on affected systems. The flaw is a command injection vulnerability caused by improper input sanitizatio...
Read More » -
Beware: Fake Spam Filter Alerts Invading Inboxes
A new phishing scam tricks users with fake alerts about spam filters blocking legitimate emails, urging them to click links to release messages, posing serious security risks. These deceptive emails mimic official communications, redirecting users to counterfeit login pages that steal credentials...
Read More » -
How Hackers Poison AI and How to Stop Them
Cybercriminals are leveraging AI to create sophisticated spam, malicious code, and phishing campaigns, while also directly targeting AI systems to exploit vulnerabilities. Attackers use AI to refine deceptive communications through A/B testing and exploit AI assistants and security tools, leading...
Read More » -
Barracuda Research: Your Hub for Global Threat Intelligence
Barracuda Networks has launched Barracuda Research, a centralized hub providing threat intelligence and cybersecurity analysis to help organizations identify risks and implement protective measures. A study reveals that 31% of businesses with up to 2,000 employees struggle to handle cyberthreat i...
Read More » -
Google Ignores Critical Gemini ASCII Attack
A newly discovered ASCII smuggling vulnerability in Google's Gemini AI allows attackers to use invisible Unicode characters to manipulate the system, potentially spreading false information or accessing unauthorized data. This security flaw affects multiple AI platforms including Google Gemini, D...
Read More » -
Why Attackers Are Phishing on LinkedIn
Phishing attacks have expanded beyond email, with 34% now occurring on platforms like LinkedIn, targeting executives in finance and tech sectors, but are severely underreported due to reliance on email-focused security metrics. LinkedIn phishing evades conventional defenses by bypassing email sec...
Read More » -
Rust Developers Targeted in New Phishing Campaign
A new phishing campaign is targeting Rust developers via emails that mimic official security breach notifications from the Rust Foundation, attempting to steal GitHub credentials. The fraudulent messages directed users to a fake login portal, but officials confirmed no actual breach occurred and ...
Read More » -
CISA, Partners Act on Critical Microsoft Exchange Vulnerabilities
CISA, NSA, and international partners have issued critical guidance for securing on-premises Microsoft Exchange Servers, as Microsoft ends perpetual security updates for Exchange 2016 and 2019, leaving systems vulnerable to cyber threats. Recommended actions include restricting administrative acc...
Read More » -
Hospitals Overwhelmed by Unmanageable Threats
The healthcare sector faces a severe cybersecurity crisis, with 93% of U.S. organizations experiencing attacks in the past year, frequently disrupting patient care and exposing vast amounts of sensitive data. Key vulnerabilities include exposed staff data on people search sites, attacks on medica...
Read More » -
Automation Won't Save You From Security Fundamentals
Many businesses neglect foundational security practices like consistent patching, strict access control, and diligent vendor oversight, often due to inconsistent efforts and inadequate funding. The human element is the weakest link, with employee training and awareness issues leading to vulnerabi...
Read More » -
Avast's Free AI Scam Protection Now Available Worldwide
Avast has globally launched its free AI scam protection tool, Scam Guardian, via its Free Antivirus platform to make advanced scam defense accessible to all, addressing the rise in AI-enhanced, personalized scams. The tool uses proprietary AI to analyze communication context and language, identif...
Read More » -
Critical SonicWall SonicOS Flaw Lets Hackers Crash Firewalls
SonicWall has issued an urgent warning about a high-severity security flaw (CVE-2025-40601) in its SonicOS SSLVPN service, which could allow attackers to crash affected firewalls via a denial-of-service attack, impacting Gen7 and Gen8 hardware and virtual firewalls. The company states there is no...
Read More » -
WSUS Flaw Exploited, BIND 9 PoC Published in Security Review
The digital security landscape is rapidly evolving with emerging threats like biometric innovations such as EarID for identity verification and critical infrastructure risks in healthcare and smart homes, requiring proactive defense strategies. New tools and vulnerabilities are shaping cybersecur...
Read More » -
University of Pennsylvania Data Breach Exposed in Hack
The University of Pennsylvania experienced a cybersecurity incident where fraudulent emails were sent from official accounts, falsely claiming a data breach and criticizing the university's security and admissions policies. The university confirmed the emails were fake, stated they do not reflect...
Read More » -
Unmasking BiDi Swaps: The Fake URL Threat
The BiDi Swap technique exploits browser bidirectional text handling to create deceptive URLs that appear legitimate but redirect to malicious sites, building on earlier spoofing methods like Punycode and RTL Override exploits. This vulnerability arises from inconsistencies in how browsers manage...
Read More » -
New MatrixPDF Toolkit Weaponizes PDFs for Phishing Attacks
MatrixPDF is a malicious toolkit that transforms harmless PDFs into phishing tools, redirecting users to credential harvesting pages or initiating malware downloads, and is marketed on underground forums and Telegram. The toolkit offers features like drag-and-drop importing, real-time previews, a...
Read More » -
Ro's CISO: Securing Telehealth Data Flows
The rapid growth of telehealth creates a complex data flow across cloud and third-party platforms, demanding a dynamic, continuous security strategy that goes beyond static compliance to protect patient privacy. A core vulnerability is the frequent lack of universal data classification, making it...
Read More » -
Salesloft & Drift Breach Results, Malicious GitHub Installers Exposed
Major platforms like Salesloft and Drift were breached via unauthorized GitHub access, emphasizing the need for strong access controls and monitoring. A malvertising campaign in the EU is distributing fake GitHub Desktop installers to deliver malware, urging IT professionals to verify software so...
Read More » -
Your Android's 2FA and Messages Aren't Safe From Hackers
A security flaw called Pixnapping allows malicious apps to intercept sensitive data like two-factor codes and private messages without requiring special permissions by exploiting screen display mechanisms. The attack works by forcing targeted apps to show confidential information on screen, where...
Read More » -
Microsoft Now Auto-Archives Exchange Emails by Default
Microsoft has made threshold-based auto-archiving the default in Exchange Online, automatically moving older items to an archive when mailbox usage nears 90% to prevent disruptions. This proactive system monitors mailbox size continuously, archiving the oldest content first to maintain functional...
Read More » -
Norton Rolls Out Global AI Scam Protection for All 360 Plans
Norton has globally expanded its AI-powered Scam Protection to all Norton 360 and mobile security plans, offering real-time defense against scams across web browsing, email, SMS, video platforms, and phone calls. Social engineering threats, including scams, are the most common cyber danger, makin...
Read More » -
NCSC Alerts Orgs to Vulnerabilities in Exposed Devices
The UK's National Cyber Security Center has launched a **Proactive Notifications service** pilot, which scans the public internet for vulnerabilities in UK-connected systems and alerts organizations with tailored advice to fix them. The service operates legally and sends communications only from ...
Read More » -
Internet Rebounds After Major Cloudflare Outage
A major Cloudflare network outage disrupted numerous high-traffic websites and services, including X, ChatGPT, and Amazon Web Services, due to its critical role in web infrastructure. The outage was caused by an internal configuration error that created an oversized file, leading to software fail...
Read More »