< ciso
brief />
Tag Banner

All news with #email security tag

76 articles

Why attackers target your email inbox aggressively

📧 Email accounts act as hubs for identity verification, password resets and long-term records, making them prime targets for cybercriminals. Attackers use phishing, account takeover, forwarding rules and abused tokens to maintain access, intercept codes and harvest sensitive information. Corporate inbox breaches can lead to data theft, ransomware or expensive fraud, while sophisticated tools like GenAI increase phishing success rates. Regularly review security settings, use MFA or passkeys, and remain vigilant to reduce risk.
read more →

Webinar: Automating email security with behavioral AI

📢 On July 8, 2026, BleepingComputer will present a live webinar titled "Stop chasing alerts: Automating email security with behavioral AI" featuring speakers from Abnormal AI and Novant Health. The session will examine why phishing, BEC, and ATO attacks still generate overwhelming alerts and how behavioral AI can automate detection, investigation, and remediation. Attendees will learn practical techniques to reduce manual workloads, prioritize high-risk incidents, and improve response times across email security operations.
read more →

Growing detection gaps across non-email collaboration platforms

🔍 New research from KnowBe4 finds cybersecurity leaders increasingly lack confidence in detecting threats on non-email channels like Slack and Microsoft Teams. An Infosecurity Europe 2026 survey of 169 professionals reports that 50% of organizations do not have strong visibility across messaging and social platforms, even as 60% say attacks are moving beyond email. While email remains viewed as the riskiest channel, confidence in stopping email attacks (83%) is far higher than for Teams (61%), social media (51%), SMS/WhatsApp (50%) and Slack (40%).
read more →

Microsoft Claims Defender May Replace Other Email Tools

📧 Microsoft’s benchmarking suggests Defender for Office 365 catches most malicious and spam email pre-delivery and removes nearly all threats that reach inboxes, with integrated partners adding negligible improvement. Experts caution against interpreting raw catch rates as proof that one-vendor stacks suffice, noting that small percentages can still represent high-impact incidents and that diverse tools and detection methods remain valuable.
read more →

Cloudflare DMARC Management Generally Available

📣 Cloudflare has made DMARC Management generally available and free for customers, offering a redesigned dashboard to simplify the path to full DMARC enforcement. The tool unifies visibility into SPF, DKIM, DMARC, and BIMI, surfaces sending source IPs, and integrates Cloudflare threat intelligence for investigation. It provides automated record analysis with pass/warning/fail statuses and plain-language recommendations, plus an SPF lookup audit to reveal and resolve the 10-lookup limit. DMARC Management requires Cloudflare DNS and is enabled from Email > DMARC Management in the dashboard.
read more →

Microsoft Defender email security benchmarking insights

📊 Over the past year Microsoft published quarterly, real‑world benchmarking that compares Microsoft Defender against secure email gateway (SEG) and integrated cloud email security (ICES) vendors. The reports show Defender consistently misses fewer high‑severity threats pre‑delivery, while ICES vendors mainly improve promotional and bulk filtering. Defender’s post‑delivery remediation contribution has risen substantially, underscoring its role as a critical backstop.
read more →

Proton’s Balance Between Privacy and Abuse Control

🔒 Proton struggles to block criminals while preserving its core privacy guarantees. COO Raphael Auphan explained that the service cannot access encrypted message contents or geolocate users due to its end-to-end encryption model. Instead, Proton invests in account-level and behavioral defenses, including ML models to detect bot-driven sign-ups and abuse. Lawful takedown requests are handled only after Swiss authorities vet and validate them.
read more →

Microsoft Exchange Online outage delays emails

📧 Microsoft is addressing a widespread service issue impacting the mail flow pipeline for Exchange Online customers in North America and Germany. Users reported SMTP deferral errors and abrupt connection closures, causing significant delays or failures when sending and receiving email. Engineers are investigating incident EX1331830 to identify root causes and restore normal service.
read more →

Amazon SES adds global deliverability insights

📣 Amazon Simple Email Service (SES) introduced enhanced deliverability features that report inbox placement percentages and public email blocklist status. These insights use representative industry samples to show how many messages are routed to spam folders and provide visibility by sending domain and campaign. SES also offers pre-send content testing to estimate inbox placement at major mailbox providers and passive monitoring of blocklist activity. The new capabilities are available in all AWS commercial regions where SES is offered.
read more →

Phishers Use ASCII QR Codes to Evade Scanners Now Widely

🛡️ Attackers have started embedding QR codes as ASCII art in phishing emails to bypass image and link scanners. The lure often impersonates services like DocuSign, instructing victims to scan and enter corporate credentials on mobile devices. Deploying secure email gateways with ASCII-decoding and endpoint protections helps detect and block these campaigns and reduce risk.
read more →

Protect Growing Businesses in an AI-Powered World Now

🔒 AI is reshaping work and accelerating threats, with AI-automated phishing reported to be 4.5× more effective than traditional attacks. Growing businesses must balance speed, stability, and risk while often lacking dedicated security teams. Microsoft Security promotes simple, integrated protections for devices, identities, email, and cloud apps. Microsoft 365 Business Premium provides centralized, automated defenses so operations stay resilient and customer trust is preserved.
read more →

Critical Exim GnuTLS Flaw Allows Remote Code Execution

⚠️ A critical user-after-free flaw in Exim (CVE-2026-45185) affects GnuTLS builds prior to 4.99.3 and can be triggered during TLS shutdown while processing BDAT chunked SMTP. The vulnerability allows an unauthenticated remote attacker to achieve arbitrary code execution and access mail data. OpenSSL-based builds are not affected. Administrators should apply Exim v4.99.3 updates immediately via their package managers.
read more →

Amazon SES Mail Manager Adds AWS GovCloud (US) Regions

📨 Amazon SES Mail Manager is now available in AWS GovCloud (US-East and US-West), expanding Mail Manager coverage to 30 AWS regions. The managed gateway centralizes inbound and outbound email routing, filtering, and archiving to simplify infrastructure and reduce reliance on multiple third‑party tools. This AWS-native solution aims to improve visibility and operational control while lowering cost and complexity for regulated and government customers.
read more →

Microsoft to Deprecate Legacy TLS for Exchange Online

🔒 Microsoft will block legacy TLS connections for POP and IMAP access to Exchange Online starting July 2026, deprecating TLS 1.0 and TLS 1.1. Connections that attempt to use those versions will fail, which may prevent older email clients, devices, or embedded systems from connecting. The company says most customers won't be affected because the majority of traffic already uses TLS 1.2 or later. Administrators are advised to verify client configurations, update custom or legacy systems, and avoid legacy endpoints to prevent disruption.
read more →

Robinhood Onboarding Flaw Used to Send Phishing Emails

🔒 Threat actors abused a flaw in Robinhood's account creation flow to inject arbitrary HTML into account confirmation emails, producing convincing Unrecognized Device warnings that directed recipients to a phishing site. The messages originated from noreply@robinhood.com and passed SPF and DKIM checks, which made them appear legitimate. Robinhood confirmed there was no systems breach or impact to customer funds and removed the vulnerable Device: field to remediate the issue. Recipients are advised to delete the emails and verify any suspicious alerts through the official app or website.
read more →

Apple account alerts abused to deliver phishing lures

📧 Threat actors are exploiting Apple account-change notifications to deliver callback phishing within legitimate emails sent from Apple's infrastructure. They place scam text into the account's first and last name fields, then trigger a shipping-info update so Apple sends the altered notification. Because messages are sent from appleid@id.apple.com and pass SPF, DKIM, and DMARC, they appear authentic and can bypass filters, increasing the risk of successful callback scams.
read more →

Mailbox Rule Abuse in Microsoft 365: A Rising Threat

🔒 Security researchers report a rise in attackers abusing mailbox rules inside Microsoft 365 accounts to maintain post-compromise access, exfiltrate data and manipulate communications. The Proofpoint analysis found that roughly 10% of breached accounts in Q4 2025 had malicious rules created within seconds of takeover. Rules are often given minimal or nonsensical names and configured to delete messages or move them to low-visibility folders to evade detection. Defensive steps include disabling external auto-forwarding, enforcing MFA, monitoring OAuth and promptly removing malicious rules and revoking sessions.
read more →

Weaponizing SaaS Notification Pipelines for Phishing

🔔 Cisco Talos observed a rise in campaigns that weaponize SaaS notification pipelines in collaboration platforms to deliver phishing and credential‑harvesting lures. Attackers embed malicious content in GitHub commit messages and in user‑configurable Jira project fields so automated notifications, signed by the platforms, bypass SPF, DKIM, and DMARC checks. Talos describes this as a Platform‑as‑a‑Proxy (PaaP) abuse and recommends moving to Zero‑Trust, instance‑level verification, and API telemetry to detect and block these attacks.
read more →

Microsoft Links Classic Outlook Bug to Email Delivery Issues

📧 Microsoft is investigating a known issue that prevents some Classic Outlook users from sending messages via Outlook.com, causing non-delivery reports that indicate permission errors (0x80070005-0x0004dc-0x000524). The problem is more likely when the Outlook.com account is an Outlook profile linked to another Exchange account or when an Exchange Online mail contact shares the same SMTP address. Microsoft published temporary workarounds — remove the M365 account Address Book, hide the Outlook.com contact in the Global Address List, create a fresh Classic profile with only the affected account, or use the New Outlook client or webmail until a permanent fix is deployed.
read more →

Amazon SES Mail Manager Adds mTLS, TLS Options and Actions

📧 Amazon Simple Email Service Mail Manager now supports optional TLS (including STARTTLS) and certificate-based mutual TLS (mTLS) on Ingress Endpoints, plus two new rule actions: Invoke Lambda function and Bounce. These additions let organizations preserve compatibility with legacy email systems while implementing stronger authentication and custom processing workflows. The Invoke Lambda action enables direct serverless email processing and automation, and the Bounce action issues RFC-compliant SMTP responses to senders. The features are available today in all Regions offering SES Mail Manager except the Middle East (UAE and Bahrain).
read more →