All news with #email security tag

Microsoft named Leader in 2025 Gartner Email Security

🔒 Microsoft has been named a Leader in the 2025 Gartner® Magic Quadrant for Email Security, recognizing advances in Microsoft Defender for Office 365. The announcement highlights agentic AI innovations and automated workflows—including an agentic email grading system and the Microsoft Security Copilot Phishing Triage Agent—that reduce manual triage and speed investigations. Microsoft also cites new protections like email bombing detection and expanded coverage across collaboration surfaces such as Microsoft Teams, while committing to greater transparency through in-product benchmarking and reporting.

Check Point Named Leader in Gartner 2025 Email Security

✅ Check Point has been recognized as a Leader in the 2025 Gartner Magic Quadrant for Email Security. This independent evaluation reinforces our commitment to delivering best-in-class email protection that blocks increasingly sophisticated threats while remaining easy to deploy and manage. According to Check Point Research, 68% of attacks start with email and 61% of harmful files are delivered as HTML attachments, underscoring the need for robust, reliable defenses.

Microsoft Teams guest access can bypass Defender protections

⚠️ Researchers warn a cross-tenant blind spot in Microsoft Teams can allow attackers to sidestep Microsoft Defender for Office 365 when users accept guest access in another tenant. Protections follow the hosting tenant, not the user's home organization, enabling attackers to create protection-free malicious tenants using low-tier licenses. Organizations should restrict B2B invitations, enable cross-tenant access controls, and train users to reject unsolicited guest invites.

Hidden Text Salting: CSS Abuse in Email Threats and Evasion

🧂 Cisco Talos documents growing abuse of CSS to insert visually hidden 'salt' into emails, a technique that undermines parsing and language-detection systems. Observed across preheaders, headers, attachments and bodies between March 1, 2024 and July 31, 2025, attackers use CSS properties (font-size, opacity, display, clipping) and zero-width characters to conceal irrelevant content. Talos recommends detection plus HTML sanitization and filters—examples include Cisco Secure Email Threat Defense—to strip or ignore invisible content before downstream analysis.

Zimbra XSS Zero-Day Used to Target Brazilian Military

⚠️A stored cross-site scripting vulnerability in the Zimbra Classic Web Client (CVE-2025-27915) was exploited in targeted attacks and has since been patched. The flaw allowed embedded JavaScript in ICS calendar entries to execute via an ontoggle event, enabling attackers to create mail filters, redirect messages, and exfiltrate mailbox data. Zimbra released fixes on January 27, 2025; administrators should apply updates and audit mailbox filters and logs for indicators of compromise.

New MatrixPDF Phishing Technique Targets Gmail Users

📄 Researchers at Varonis have identified a sophisticated phishing toolkit called MatrixPDF that embeds prompts, JavaScript, and external redirects inside seemingly legitimate PDF files to target Gmail users. Attackers exploit Gmail's preview and desktop PDF readers: a blurred preview displays a prompt to 'open secure document' that directs victims to external payloads, while embedded scripts can fetch malware if a user grants permission. Because the malicious content is only retrieved after user interaction, Gmail's automated scanners and attachment sandboxes can be bypassed. Security experts recommend stronger webmail controls, robust attachment sandboxing, endpoint detection, and frequent, realistic user awareness training.

State-Sponsored Attacks Exploit Libraesva ESG Vulnerability

⚠️ Libraesva has released an urgent update to address a command injection vulnerability in its ESG email security product that is being exploited by state‑sponsored actors. Tracked as CVE-2025-59689 with a CVSS score of 6.1, the flaw is triggered by a malicious compressed attachment and can execute arbitrary commands as a non‑privileged user. Users should upgrade affected versions (4.5–5.5.x before 5.5.7) to the patched releases immediately.