Tag: email
-
Security Affairs newsletter Round 559 by Pierluigi Paganini INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. UkraineGermany operation targets Black Basta, Russian leader wanted China-linked APT UAT-8837 targets North American critical infrastructure…
-
Cisco finally fixes AsyncOS zero-day exploited since November
Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/
-
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.The vulnerability, tracked as…
-
One click is all it takes: How ‘Reprompt’ turned Microsoft Copilot into data exfiltration tools
What devs and security teams should do now: As in usual security practice, enterprise users should always treat URLs and external inputs as untrusted, experts advised. Be cautious with links, be on the lookout for unusual behavior, and always pause to review pre-filled prompts.”This attack, like many others, originates with a phishing email or text…
-
Google now lets you change your @gmail.com address, rolling out
Google has confirmed that it’s now possible to change your @gmail.com address. This means that if your current email is xyz@gmail.com, you can now change it to abc@gmail.com. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/technology/google-now-lets-you-change-your-gmailcom-address-rolling-out/
-
Eurail customer database hacked
Identification data: First name, last name, date of birth, genderContact details: Email address, home address, telephone numberPassport details: Passport number, country of issue and expiry date No further details about the attack are available. According to Eurail, the investigation is ongoing. But at this time there is no indication the data was misused or publicly…
-
QR codes are getting colorful, fancy, and dangerous
QR codes have become a routine part of daily life, showing up on emails, posters, menus, invoices, and login screens. Security-savvy users have learned to treat links with … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/15/fancy-qr-codes-phishing-risk/
-
Webinar: Beyond the Quadrant: An Analyst’s Guide to Evaluating Email Security in 2026
Join former Gartner analyst Ravisha Chugh and Abnormal’s Director of Product Marketing, Lane Billings, on January 20th for an exclusive insider look at how email security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/14/abnormal-ai-webinar-beyond-the-quadrant/
-
Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
-
Cloud marketplace Pax8 accidentally exposes data on 1,800 MSP partners
Cloud marketplace and distributor Pax8 has confirmed that it mistakenly sent an email to fewer than 40 UK-based partners containing a spreadsheet with internal business information, including MSP customer and Microsoft licensing data. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cloud-marketplace-pax8-accidentally-exposes-data-on-1-800-msp-partners/
-
Cyber Fraud Takes the Lead: What the Shift Away From Ransomware Signals for Enterprises
A new global assessment shows that cyber fraud has overtaken ransomware as the top cybersecurity concern for business leaders, driven by a sharp rise in phishing, business email compromise, and identity-based scams, according to the World Economic Forum. While ransomware continues to pose a serious risk, this shift highlights a critical change in attacker behavior.…
-
Identity Under Siege: What the Salt Typhoon Campaign Reveals About Trusted Access Risks
A recent disclosure confirms that email accounts belonging to U.S. congressional staff were compromised as part of the Salt Typhoon cyber-espionage campaign, targeting personnel supporting key House committees and exploiting trusted identities rather than software vulnerabilities, according to TechRadar. While no immediate operational disruption was publicly reported, the incident sends a clear message: identity systems…
-
‘Dual-channel’ attacks are the new face of BEC in 2026
Business email compromise remains a significant threat as cyber fraudsters deploy a more diverse range of tactics against their potential victims, according to a report. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366637242/Dual-channel-attacks-are-the-new-face-of-BEC-in-2026
-
Betterment confirms data breach after wave of crypto scam emails
U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/betterment-confirms-data-breach-after-wave-of-crypto-scam-emails/
-
Betterment confirms data breach after wave of crypto scam emails
U.S. digital investment advisor Betterment confirmed that hackers breached its systems and sent fake crypto-related messages to some customers. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/betterment-confirms-data-breach-after-wave-of-crypto-scam-emails/
-
Email is Not Legacy. It’s Infrastructure.
Discover why business email remains mission-critical infrastructure, and how governance, automation, and AI integration future-proof it. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/01/email-is-not-legacy-its-infrastructure/
-
Spanish police disrupt Black Axe, arrest alleged leaders in action spanning four cities
The criminal organization specialized in business email compromise scams and generated billions of dollars in criminal proceeds annually from many small-scale operations, officials said. First seen on cyberscoop.com Jump to article: cyberscoop.com/black-axe-disruption-arrests-spain/
-
Notorious BreachForums hacking site hit by ‘doomsday’ leak of 324,000 criminal users
Tags: access, breach, crime, cyber, cybercrime, dark-web, data, data-breach, email, extortion, group, hacking, intelligence, law, leak, password, penetration-testing, ransomware, risk, service, threatHave I Been Pwned, the data breach happened last August, two months before the police takedown of the BreachForums data extortion site after threats by Scattered Lapsus$ Hunters to use it to release one billion records stolen from Salesforce customers.This tallies with the August 11 date on the database leaked last week; that was the…
-
FBI Flags Quishing Attacks From North Korean APT
A state-sponsored threat group tracked as Kimsuky sent QR-code-filled phishing emails to US and foreign government agencies, NGOs, and academic institutions. First seen on darkreading.com Jump to article: www.darkreading.com/mobile-security/fbi-quishing-attacks-north-korean-apt
-
Meta fixes Instagram password reset flaw, denies data breach
Meta fixed an Instagram password reset flaw that let third parties send reset emails, while denying a data breach despite leak claims. Meta confirmed fixing an Instagram password reset vulnerability that allowed third parties to trigger reset emails, while denying any breach despite claims of leaked user data. >>We fixed an issue that let an…
-
Instagram Confirms Password-Reset Spam Flood, Denies Breach
Security Experts See Coincidental Timing After Leak of Scraped Instagram User Data. Instagram said a massive wave of password reset emails sent to its users traced to malicious abuse of a legitimate feature, but didn’t result from any breach of its systems. Separately, security experts said a threat actor leaked 6.2 million users’ email addresses,…
-
Web3 Dev Environments Hit by Fake Interview Software Scam
Web3 and cryptocurrency developers are facing a new wave of targeted attacks driven not by cold outreach, but by carefully engineered “inbound” traps. Instead of chasing victims through phishing emails or unsolicited Telegram messages, threat actors are now building fake companies, posting appealing job openings, and waiting for high-value targets to walk into their infrastructure.…
-
Instagram Confirms No System Breach After External Password Reset Problem
Instagram has dismissed security breach concerns, clarifying that recent unexpected password reset emails were caused by an external party exploiting a now-patched vulnerability rather than a complete system compromise. The social media giant confirmed that a flaw in its systems allowed unknown threat actors to request password reset emails on behalf of users without actually…
-
Google Integrates Gemini Into Gmail, Rolling Out New Capabilities
Google has announced a major upgrade to Gmail, bringing its advanced Gemini AI directly into the email platform. The integration transforms Gmail into a personal, proactive inbox assistant designed to help users manage the ever-increasing volume of emails more efficiently. With 3 billion users relying on Gmail daily, this move represents a significant evolution in…
-
Instagram Denies Breach After Password Reset Emails Alarm Users
Instagram says no breach occurred after attackers abused its password reset system, underscoring how trusted features can still enable phishing risk. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/instagram-denies-breach-after-password-reset-emails-alarm-users/
-
Iran-linked MuddyWater APT deploys Rust-based implant in latest campaign
Rust offers evasion advantages: CloudSEK researchers said RustyWater was developed in Rust, which they said is increasingly used by malware authors for its memory safety features and cross-platform capabilities, according to the blog post. Other state-sponsored groups, including Russia’s Gossamer Bear and China-linked actors, have also deployed Rust-based malware in recent campaigns, according to security…
-
Fake Employee Performance Reports Deliver Guloader Malware
Organizations are being warned about a new phishing campaign that weaponizes fake employee performance reports to deploy the Guloader malware and ultimately install Remcos RAT on compromised systems. In the observed cases, threat actors send phishing emails that purport to share an employee performance report for October 2025. The email body claims that management is…