<ciso brief />

All news with #email security tag


Hidden Text Salting in Emails and Strategic Cyber Decisions

🧯 Cisco Talos warns of extensive abuse of CSS to insert hidden “salt” — extraneous characters, comments and markup — into email preheaders, headers, attachments and bodies to evade detection. This hidden text salting technique is significantly more common in spam and malicious mail than in legitimate messages, undermining both signature and ML-based defenses. Talos advises detecting concealed content and, crucially, stripping or normalising that salt before passing messages to downstream engines, while also urging attention to longer-term strategic decision-making in cyber defense.

Hidden Text Salting: CSS Abuse in Email Threats and Evasion

🧂 Cisco Talos documents growing abuse of CSS to insert visually hidden 'salt' into emails, a technique that undermines parsing and language-detection systems. Observed across preheaders, headers, attachments and bodies between March 1, 2024 and July 31, 2025, attackers use CSS properties (font-size, opacity, display, clipping) and zero-width characters to conceal irrelevant content. Talos recommends detection plus HTML sanitization and filters—examples include Cisco Secure Email Threat Defense—to strip or ignore invisible content before downstream analysis.

New MatrixPDF Phishing Technique Targets Gmail Users

📄 Researchers at Varonis have identified a sophisticated phishing toolkit called MatrixPDF that embeds prompts, JavaScript, and external redirects inside seemingly legitimate PDF files to target Gmail users. Attackers exploit Gmail's preview and desktop PDF readers: a blurred preview displays a prompt to 'open secure document' that directs victims to external payloads, while embedded scripts can fetch malware if a user grants permission. Because the malicious content is only retrieved after user interaction, Gmail's automated scanners and attachment sandboxes can be bypassed. Security experts recommend stronger webmail controls, robust attachment sandboxing, endpoint detection, and frequent, realistic user awareness training.

MatrixPDF: PDFs Weaponized to Evade Gmail Defenses

📄 Researchers at Varonis have discovered MatrixPDF, a toolkit that disguises malicious web redirects and scripts inside seemingly benign PDFs to bypass Gmail filters. The files use blurred content, overlays and convincing prompts such as “Open Secure Document” to trick users into opening external sites. In some cases embedded JavaScript can auto-fetch payloads when a reader grants permission. Because Gmail treats preview clicks as user-initiated, these PDFs often evade email scanners and sandboxes.

Cloudflare Email Service Private Beta for Developers

📧 Cloudflare announced the private beta of its Email Sending capability, integrated into Workers so developers can send transactional emails directly from serverless code using a simple binding. The service complements existing Email Routing to provide a unified Email Service for both inbound and outbound flows, automates SPF/DKIM/DMARC setup to boost deliverability, and offers local testing, observability, and low-latency global delivery.

iCloud Calendar abused to send phishing via Apple Servers

📅 iCloud Calendar invites are being abused to send callback phishing emails that appear to originate from Apple's servers and pass SPF, DKIM, and DMARC checks. Attackers embed phishing content in the event Notes and invite a Microsoft 365 forwarding address so the message is relayed to targets while Apple remains the visible sender. Treat unexpected calendar invites with unusual messages or requests cautiously; calling listed numbers or granting remote access can lead to fraud, malware, or data theft.

FTC Probes Gmail Spam Filtering Of GOP Fundraising Emails

📧 The FTC chairman sent a letter to Google’s CEO asking why Gmail flagged Republican fundraising messages as spam while allegedly allowing similar Democratic messages through. Email-intelligence firms report that WinRed has triggered far more spamtraps than ActBlue, driven by aggressive list and delivery practices that degrade sender reputation. Blocklists and reputation signals, not political content, explain many filtering outcomes, experts say. The dispute highlights both operational deliverability risks for campaigns and potential regulatory overreach.