Stay secure with the latest email security updates, best practices, and threat alerts to protect your inbox and sensitive information.
Search across headline titles and summaries.
Background for this topic.
Email is a method of exchanging digital messages across the internet or other computer networks. Within the context of information security, email is a significant vector for cyber threats, such as phishing attacks, malware distribution, and information leaks. Email security encompasses the practices and technologies used to protect email accounts and communications from unauthorized access, compromise, or theft.
Emails can contain sensitive data, including personal information, corporate secrets, and financial details that can be exploited by cybercriminals. As such, protecting email systems involves implementing advanced security measures like encryption, anti-spam filters, anti-virus protection, and secure email gateways. Moreover, it includes educating users on safe email practices to prevent social engineering schemes, which often rely on human error to succeed.
Weekly headline count for the current query.
A development flag left switched on in production builds of several Microsoft 365 Android apps disabled the check that limits account-token sharing to trusted Microsoft apps
A threat actor got a near-continuous view into an influential finance executive's email inbox, thanks to clever use of legitimate, native Windows tools.
Microsoft is working to address a widespread service issue affecting the mail flow pipeline for Exchange Online customers across North America and Germany. [...]
Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. The issue affected several users, including high-profile accounts, before Instagram fixed the flaw. Security researcher Jane Wong and other […]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and […]
What Claude Mythos Reveals About AI Capability, Control and RiskA researcher's phone buzzed with an email from an AI that wasn't supposed to have internet access. The real story isn't about rogue machines; it's about what happens when AI capability outpaces our ability to interpret, validate and govern it.
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is […]
Malware Targeted macOS Users Visiting Patel Foundation Merchandise PageTwo months after Iran-linked hackers exfiltrated FBI Director Kash Patel's personal email, the government official's name is tangled up in another cyber incident, this time through a MAGA swag shop he co-founded. ClickFix malware on the site tried to trick shoppers into running a malicious command.
Leakage blamed on treacherous friends exposed unencrypted credentials, email addresses
The AI systems shipping inside enterprises today are fundamentally different from the ones we were building even two years ago, because they have moved well past answering questions and into accessing your email, retrieving records from your CRM, writing and executing code, and taking actions on your behalf across dozens of connected systems. The post Introducing RAMPART and Clarity: Open source tools to bring safety into Agent development workflow appeared first on Microsoft Security Blog.
Critical security vulnerabilities have been disclosed in SEPPMail Secure E-Mail Gateway, an enterprise-grade email security solution, that could be exploited to achieve remote code execution and enable an attacker to read arbitrary mails from the virtual appliance
What happens when a phishing email looks clean enough to pass through security, but dangerous enough to expose the business after one click? That is the gap many SOCs still struggle with: the attacks that leave teams unsure what was exposed, who else was targeted, and how far the risk has spread
Microsoft has disclosed a new security vulnerability impacting on-premise versions of Exchange Server that it said has come under active exploitation in the wild
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution
The hardest part of cybersecurity isn't the technology, it’s the people
Vimeo points finger at analytics supplier Anodot, says no logins or card data were touched More than 119,000 Vimeo users's email addresses were extracted in a breach traced to a third-party analytics vendor, according to Have I Been Pwned.…
Microsoft has disclosed details of a large-scale credential theft campaign that has leveraged a combination of code of conduct-themed lures and legitimate email services to direct users to attacker-controlled domains and steal authentication tokens
Cybersecurity firm Kaspersky reports that the Amazon Simple Email Service (SES) is being increasingly abused to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. [...]
The Amazon Simple Email Service (SES) is being increasingly abused, a cybersecurity company's telemetry data shows, to send convincing phishing emails that can bypass standard security filters and render reputation-based blocks ineffective. [...]
32 phone calls, 17 email chains, a 5-day ordeal, and no help during the daddy of all stuffups, claim those affected GoDaddy is currently investigating claims that it handed complete control of a valid 27-year-old domain to another customer, without requiring them to pass any authentication processes or upload any supporting documents.…