< ciso
brief />
Tag Banner

All news with #email security tag

76 articles · page 2 of 4

Spammers Abuse Yandex Surveys to Host Phishing Campaigns

⚠️ Kaspersky researchers have observed threat actors abusing Yandex Surveys to host phishing content and evade email filters by leveraging the platform's legitimate domain reputation. Attackers embed fraudulent pitches and malicious links in rich-text survey blocks, add official-looking logos, then hide interface elements with invisible padding; Kaspersky Premium blocked about 2,200 such messages in January and over 32,000 in February. Recipients who follow the links land on polished giveaway pages that harvest personal data, wallet addresses, or payments.
read more →

Microsoft fixes Outlook sync bug affecting Gmail users

🔧 Microsoft has resolved a known issue that caused Classic Outlook to stop syncing Gmail and Yahoo accounts and to show 0x800CCC0F and 0x80070057 error codes. Affected accounts reportedly stopped syncing on February 26, 2026; Microsoft says the fix was applied in the Microsoft 365 service, but some users may still see issues until their OAuth token expires. As a temporary workaround, Microsoft recommends deleting the affected email address entries under the Identities key at Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity\Identities to force a sign-in prompt.
read more →

Phishers Using Bubble No-Code Platforms for Redirects

🔗 Phishers are exploiting the Bubble no-code app builder to host web apps whose URLs appear legitimate and thus evade email filters. The platform’s dense JavaScript and Shadow DOM output confuses automated scanners, masking simple redirects to credential-harvesting pages. These Bubble-hosted apps are embedded in phishing messages and lead victims to convincing Microsoft sign‑in clones. Organizations should combine user training with endpoint protections and gateway anti-phishing controls to reduce risk.
read more →

Azure Monitor alerts abused for callback phishing campaigns

⚠️ Microsoft Azure Monitor alerts are being abused to distribute callback phishing messages that impersonate billing and security notices. Attackers create alert rules with custom descriptions and configure them to send emails to lists they control, causing legitimate azure-noreply@microsoft.com messages to reach targets and pass SPF/DKIM/DMARC checks. Recipients are urged to call listed numbers, a tactic that can lead to credential theft, payment fraud, or remote access compromise.
read more →

Latest Microsoft Email Security Benchmark Findings

🛡️ Microsoft published updated email security benchmarks comparing Defender, secure email gateways (SEGs), and integrated cloud email security (ICES) solutions. The data shows Microsoft Defender removes an average of 70.8% of malicious email post-delivery, with ICES partners contributing the remaining 29.2% of post-delivery remediation. Layering matters: integrated ICES solutions improve marketing and bulk filtering by an average of 13.7%, while incremental gains for spam and malicious filtering were modest (around 0.29% and 0.24% respectively). The report also compares misses per 1,000 users, showing Defender had fewer high-severity misses than several evaluated SEG vendors.
read more →

Extortion Emails Sent to HungerRush Restaurant Customers

🔔 Customers of restaurants using HungerRush, a provider of POS, online ordering, delivery, and payment services, reported receiving mass extortion emails claiming millions of customer records would be exposed if the company did not respond. The messages were delivered via Twilio SendGrid infrastructure and, according to headers, passed SPF, DKIM, and DMARC checks for the hungerrush.com domain. Security researchers also reported an earlier infostealer infection on an employee device that allegedly harvested corporate credentials, though a direct link to a confirmed breach has not been established. Customers should be vigilant for targeted phishing and SMS scams that may leverage any exposed data.
read more →

Cloudy LLM Explanations Expand across Cloudflare One

☁️ Cloudflare’s new Cloudy layer uses LLMs to translate complex security telemetry into concise, human-readable guidance inside Cloudflare One. It generates plain-language explanations for Email Security detections and structured Risk + Guidance summaries for CASB findings to help teams act faster. Phishnet reporting will surface real-time Cloudy summaries via Workers AI to reduce SOC noise and guide end users. Microsoft beta starts soon, with wider rollouts and Google Workspace support planned.
read more →

Preventing Business Email Compromise: Practical Steps

🔒Business email compromise (BEC) is a high-impact social engineering threat that targets organizations' financial and identity workflows. The article outlines pragmatic defenses: enforce MFA, validate DMARC/DKIM/SPF, deploy advanced phishing and spoofing filters, and maintain continuous security awareness training with simulated attacks. It also recommends dual-approval for large transfers, stricter help-desk verification, and monitoring for anomalies such as mailbox forwarding rules, impossible-travel logins, and last-minute bank-detail changes to accelerate detection and response.
read more →

Phishing Abuse of Google Tasks to Steal Credentials

🔔 Attackers are abusing Google Tasks notifications to bypass email filters and trick employees into submitting corporate credentials. Recipients receive legitimate-looking @google.com notices urging urgent action and a link to a credential-harvesting form. Organizations should train staff, maintain clear lists of authorized services, and consider mail gateway security and endpoint protection to block phishing sites. Use tools like Kaspersky Automated Security Awareness Platform to automate training.
read more →

Unzipping the Threat: Blocking Malware in ZIP Files

🔐 Cyber attackers are increasingly embedding malware inside password-protected ZIP archives and splitting the delivery chain by sending the archive via email while transmitting the password out-of-band (SMS or messaging apps). Traditional scanners struggle to inspect these encrypted attachments. New Threat Emulation capabilities can now inspect and block malicious ZIP files without requiring the password, closing the delivery gap. This reduces reliance on manual password sharing and strengthens perimeter defenses.
read more →

Exchange Online flags legitimate emails as phishing

📧 Microsoft is investigating an ongoing Exchange Online issue that is mistakenly marking legitimate email messages as phishing and quarantining them. The problem began on February 5 and continues to disrupt customers' ability to send and receive mail. Microsoft traced the fault to a newly introduced URL rule that incorrectly classifies certain links as malicious. The company is releasing quarantined messages and working to unblock legitimate URLs while it completes remediation.
read more →

Drowning in Spam? Ten Reasons and How to Stop It Now

📧 Inboxes can be overwhelmed by spam and scams for many reasons, from large-scale data breaches and web scraping to updated scam kits and AI-assisted phishing that evade filters. Attackers use these feeds to deliver malspam, impersonate trusted brands, or bury critical alerts through email bombing. Reduce exposure by keeping profiles private, using email-masking services, avoiding replies or unsubscribe links, and deploying reputable security software with layered anti-phishing and anti-spam protections.
read more →

Filling Common Gaps in Google Workspace Security Posture

🔒 Security teams at fast-growing companies must secure collaboration platforms without slowing the business. This piece highlights common native gaps in Google Workspace—from BEC and targeted phishing to legacy protocol exposure and weak OAuth controls—and lists immediate hardening steps for Gmail, access, and data protection. It also outlines how Material augments Workspace with advanced email defense, context-aware account monitoring, and automated data protection.
read more →

Seven Priority Cybersecurity Projects for CISOs in 2026

🔒 As CISOs prepare for 2026, seven pragmatic projects can strengthen defenses against evolving threats. Priorities include transforming identity and access to cover human and non-human agents and reinforcing email security. Organizations should leverage AI for vulnerability discovery and security automation, enforce enterprise AI governance, adopt a zero-trust-by-default posture, and unify data governance to reduce shadow data and compliance gaps.
read more →

Cisco patches critical zero-day in email gateway products

⚠️ Cisco has released patches for a critical zero-day, CVE-2025-20393, in AsyncOS that affects Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The flaw allows a remote attacker to gain root by sending a crafted HTTP request to the Spam Quarantine interface when it is enabled and reachable from the internet. Cisco first learned of exploitation in December, issued a public advisory on Dec. 17, and has now published fixes to address the issue.
read more →

Cisco Patches AsyncOS Zero-Day Targeting SEG/SEWM Appliances

🔒 Cisco has released a fix for a maximum‑severity AsyncOS zero‑day (CVE-2025-20393) that has been exploited since November 2025. The flaw impacts Cisco Secure Email Gateway and Secure Email and Web Manager appliances with non-standard configurations when the Spam Quarantine feature is exposed to the internet, permitting arbitrary command execution as root. Cisco Talos links the intrusions to a Chinese-nexus actor tracked as UAT-9686, which deployed persistence and tunneling implants and a log-wiping utility. CISA has added the vulnerability to its known exploited vulnerabilities catalog and ordered federal remediation under BOD 22-01.
read more →

Cisco patches critical AsyncOS RCE exploited by APT

🔒 Cisco has released patches for a maximum-severity remote command execution vulnerability (CVE-2025-20393, CVSS 10.0) in AsyncOS that affects Cisco Secure Email Gateway and Secure Email and Web Manager. The defect stems from insufficient validation of HTTP requests in the Spam Quarantine feature and can allow arbitrary commands to run as root when the feature is enabled and reachable from the internet. Cisco says a China-nexus APT tracked as UAT-9686 exploited the bug in the wild, deploying tunneling tools, a log-cleaner and a Python backdoor, and that fixes remove persistence artifacts. Administrators should apply the provided fixed releases and follow the vendor's hardening guidance to restrict access and monitor for anomalous activity.
read more →

Phishing Click Rates Mislead; Focus on Containment

🔐 Many security teams rely on click rates to judge phishing risk, but that metric is volatile and often fails to predict real-world harm. The article argues that true maturity is measured by what an attacker can do after gaining mailbox access, not by simulated click statistics. It urges a layered approach—prevention, detection, and especially containment—and highlights Material Security as an example of automated remediation that reduces blast radius without constant manual triage.
read more →

Phishing attackers exploit email routing and spoofing gaps

📧 Microsoft Threat Intelligence warns attackers are increasingly abusing complex email routing and misconfigured DMARC and SPF policies to make phishing messages appear internal. Campaigns exploit MX records that do not point directly to Microsoft 365, allowing messages with the recipient's address in both To and From fields to bypass filters. Lures include password resets and shared-document notices, and some attacks use Phishing-as-a-Service platforms such as Tycoon 2FA to perform Adversary-in-the-Middle attacks that can defeat MFA. Microsoft recommends strict DMARC reject policies, SPF hard-fails, correct connector configuration, and phishing-resistant MFA like FIDO2.
read more →

Phishing Exploits Misconfigured MX Records in M365 Now

📧 Microsoft Threat Intelligence warns of a surge in phishing campaigns that exploit misconfigured mail routing and domain spoofing protections to make malicious messages appear internal to Microsoft 365 tenants. Attackers target users with HR- and IT-themed lures to steal credentials, often pairing the technique with phishing-as-a-service kits like Typhoon2FA. The vector depends on tenants whose MX records are not pointed directly at Office 365, bypassing built-in spoof detection. Organizations should correct MX configuration, enforce DMARC and deploy phishing-resistant MFA for privileged roles.
read more →