Skip to main content

Tag: email security

35 articles

Office email workstation with laptop, papers, and supplies under ordinary lighting.

AI Spam Filters Vulnerable to Text Salting Attacks

Over 1 million retail-themed phishing emails have been detected using a sneaky technique called text salting to evade AI spam filters since April. This clever trick hides harmless words in malicious messages, fooling automated scanners but not the human eye.

Analyst 207
Laptop screen shows brightly-lit email inbox with subtle hint of security threat.

Zimbra Warns of Stored XSS Flaw in Classic Web Client

Zimbra is urging customers to update their Classic Web Client immediately due to a critical vulnerability that could allow hackers to access sensitive mailbox information and execute malicious code via specially crafted emails. Installing the update, specifically upgrading to Zimbra Collaboration Suite version 10.1.19, will help protect against this threat.

Analyst 207
Office workstation with laptop and printer in background.

EvilTokens Exposes New Blind Spot in Email Security

A shocking 75.6% of consulting firms were exposed to phishing attacks in 2026, with other industries like financial services, manufacturing, and tech also falling prey to these threats. EvilTokens' ghost phishing campaign uses a sneaky Microsoft Device Code Phishing tactic to trick victims into giving hackers access to their Microsoft 365 accounts.

Analyst 207
Concerned business owner sits at desk, scrutinizing suspicious email on smartphone.

Meta Disrupts Phishing Campaign Targeting Facebook Business Users

Watch out for phishing scams targeting Facebook Business users - red flags include broken graphics, suspicious links, and unsolicited emails promising exciting opportunities. Experts warn that cybercriminals are getting sneaky, using legitimate-looking emails and Messenger chatbots to trick victims into taking action.

Analyst 207
Brightly-lit office desk near a window with a computer screen or email inbox in the foreground.

Microsoft Uncovers Large-Scale Phishing Campaign Using Fake Compliance Emails

In just 48 hours, a massive phishing campaign targeted over 35,000 users across 13,000 organizations in 26 countries, using convincing fake compliance emails to steal login credentials. The sophisticated attack, detected by Microsoft's Defender Research team, hit US firms hard, but its global reach was widespread.

Analyst 207
Cloud-based email service dashboard on laptop screen with blurred interface, surrounded by a brightly-lit institutional…

Phishing Attacks Exploit Amazon SES to Evade Detection

Kaspersky researchers have uncovered a surge in phishing attacks that cleverly exploit Amazon's trusted email service to evade detection. By using valid Amazon SES credentials, attackers can send convincing phishing messages that slip past standard security checks.

Analyst 207
Blurred computer screen in a bright office setting with a suspicious email message on screen.

Attackers Exploit Amazon SES to Bypass Email Security in Phishing Campaigns

Phishing campaigns are now using Amazon's Simple Email Service to make malicious messages look legit, bypassing standard email security checks and putting victims at risk of revealing sensitive data. By exploiting Amazon SES's trusted reputation and authentication features, attackers are making it harder to spot phishing emails.

Analyst 207
Secure server room with rows of computer servers and networking equipment.

Microsoft to Discontinue Legacy TLS Versions in Exchange Online by July 2026

Microsoft is putting the brakes on outdated security protocols, announcing that it'll start blocking legacy TLS 1.0 and 1.1 connections to Exchange Online in July 2026 - so it's time to upgrade and stay secure! This move marks the end of an era for older clients that still rely on these outdated protocols.

Analyst 207
Rows of computer servers and equipment in a well-lit, modern server room with ambient daylight from large windows.

Microsoft Phases Out Legacy TLS in Exchange Online

Microsoft is phasing out support for outdated TLS versions (TLS 1.0 and TLS 1.1) for POP3 and IMAP4 connections to Exchange Online, starting July 2026, to boost security. From then on, only TLS 1.2 or later will be accepted, making older connections obsolete.

Analyst 207
Hospital administrative area with computer and printer, emphasizing email security.

Healthcare Breaches Decline, But Lax Email Security Persists

Alarmingly, nearly three-quarters of breached healthcare organizations had weak email defenses, with 74% either lacking a DMARC policy or having it set to monitor-only mode, leaving them vulnerable to attacks.

Analyst 207
Office cubicle with open laptop showing an email inbox with a blank subject line on a cluttered desk.

Phishing Attacks Exploit Email Blind Spots with Silent Subject Lines

Phishing attacks are on the rise, with a 13.9% surge in January and February, followed by a 7% increase in March, and cybercriminals are getting sneaky by using empty subject lines to bypass email defenses and pique human curiosity. By ditching the subject line, attackers are exploiting a blind spot that can trick both automated filters and human instincts.

Analyst 207
Smartphone screen with notification, fishing hook hovering above, and shadowy figure lurking in corner.

Hackers Exploit Apple Alerts to Fuel Phishing Scams

Scammers are exploiting Apple's own notification system to send fake emails that look legit, tricking you into divulging sensitive info with phishing scams disguised as iPhone purchase alerts. Be cautious when receiving Apple account change notifications - even if they come from Apple's servers!

Analyst 207
CISA Adds Two Roundcube Flaws to KEV: Exclusive Critical

CISA Adds Two Roundcube Flaws to KEV: Exclusive Critical

CISA has added two Roundcube vulnerabilities to its KEV list — including a critical 9.9-rated RCE (CVE-2025-49113) — meaning active exploitation is underway. If you run Roundcube, patch now to protect email stores, contacts, and stop attackers from hijacking accounts.

Analyst 207
NCSC Set to Retire Web & Mail Check: Exclusive Urgent Alert

NCSC Set to Retire Web & Mail Check: Exclusive Urgent Alert

NCSC is retiring Web Check and Mail Check — if your organisation relies on them, now’s the time to act. Migrate your scans, prioritise critical assets, and find affordable alternatives before those safety nets disappear.

Analyst 207
Blitz Spear Phishing Campaign Exclusive: NGOs at Risk

Blitz Spear Phishing Campaign Exclusive: NGOs at Risk

Imagine the inbox that coordinates relief suddenly opening the door to attackers: a one-day spear-phishing blitz—dubbed PhantomCaptcha—targeted NGOs and regional offices helping Ukraine with convincing impersonations and weaponized attachments to harvest credentials and deploy malware. It’s a stark reminder that adversaries now weaponize trust and identity to disrupt aid, not just networks.

Analyst 207
political fundraising emails: Best Must-Have Fixes

political fundraising emails: Best Must-Have Fixes

GOP leaders are accusing Gmail of censoring Republican fundraising emails, prompting an FTC probe — but experts say the real story may be less about bias and more about how spam filters punish high-volume, poorly authenticated senders. Understanding sender reputation and better email practices could fix delivery problems without turning every misfiled message into a censorship scandal.

Analyst 207
Libraesva ESG Urgent Patch: Critical Risk Exposed

Libraesva ESG Urgent Patch: Critical Risk Exposed

A newly patched command-injection flaw in Libraesva’s Email Security Gateway was reportedly exploited by state-sponsored actors, putting email perimeters at risk of lateral movement and data theft. If you run ESG, update immediately, segment management interfaces, and hunt for signs of compromise.

Analyst 207
Tycoon phishing kit: Stunning Dangerous Cloaking Tactics

Tycoon phishing kit: Stunning Dangerous Cloaking Tactics

A prolific phishing kit called Tycoon is now hiding malicious links behind layered redirects, URL obfuscation, and browser-only cloaking to slip past email scanners and trick users. Stay vigilant—combine stronger link inspection, browser-based emulation, DMARC/DKIM/SPF hardening, and user training to blunt this evolving threat.

Analyst 207
Microsoft malware threat: Stunning, Alarming Risks

Microsoft malware threat: Stunning, Alarming Risks

Imagine your inbox becoming a spying ground — UK officials warn Fancy Bear-linked hackers are using new malware to hijack Microsoft email accounts and siphon private messages and sensitive documents. Take it seriously: enable MFA, tighten access controls, and monitor for unusual logins to stay one step ahead.

Analyst 207
Microsoft malware: Stunning Critical Threats Exposed

Microsoft malware: Stunning Critical Threats Exposed

Russian state-backed hackers have unleashed stealthy Microsoft-targeted malware to hijack Outlook accounts—exposing how fragile our email defenses can be. Now’s the time to tighten security with phishing-resistant MFA, vigilant monitoring, and smarter user habits to stay one step ahead.

Analyst 207
Russian email malware: Exclusive Dangerous Threat

Russian email malware: Exclusive Dangerous Threat

A sophisticated Russian-linked malware campaign called Authentic Antics is quietly hijacking Microsoft cloud email accounts to harvest credentials and spy on high-value targets. Treat email security as strategic—enable MFA, monitor mailbox rules, and train users to spot convincing phishing so a single message can’t turn into a national-security headache.

Analyst 207
Cybercriminals Exploit PDFs to Mimic Microsoft and DocuSign in Phishing Schemes

Cybercriminals Exploit PDFs to Mimic Microsoft and DocuSign in Phishing Schemes

Cybercriminals are using manipulated PDFs to impersonate Microsoft and DocuSign, leading to sophisticated phishing schemes that target unsuspecting users.

Analyst 207
Microsoft Defender for Office 365 Enhances Protection Against Email Bombing Attacks

Microsoft Defender for Office 365 Enhances Protection Against Email Bombing Attacks

Discover how Microsoft Defender for Office 365 strengthens security against email bombing attacks, safeguarding your organization’s communications effectively.

Analyst 207
Microsoft 365 ‘Direct Send’ Exploited for Internal Phishing Attacks

Microsoft 365 ‘Direct Send’ Exploited for Internal Phishing Attacks

Learn how Microsoft’s 365 ‘Direct Send’ feature is exploited in internal phishing attacks, compromising security and user trust within organizations.

Analyst 207