Latest coverage for Spam

Also, YellowKey Gets CVE, 7-Eleven Breach, Linux Maintainers Warn on AI Bug SpamThis week, more incidents than we can list here. Among them: cloned Shai-Hulud malware, a new maximum CVSS Cisco flaw. Edge to stop loading passwords in plaintext. Tycoon 2FA offers a way around Microsoft multifactor. Convenience, taquitos and data breach: The 7-Eleven story. A MENA crackdown.

Apple account change notifications are being abused to send fake iPhone purchase phishing scams within legitimate emails sent from Apple's servers, increasing legitimacy and potentially allowing them to bypass spam filters. [...]

Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack

We uncover how a campaign used Atlassian Jira Cloud to launch automated and targeted spam campaigns, exploiting trusted SaaS workflows to bypass security controls.

The acquisition allows the credit reporting agency to add SMS spam and scam prevention to its robocall blocking capabilities.

A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies' unsecured Zendesk support systems. Some recipients say they are receiving hundreds of messages with strange or alarming subject lines. such as 'Activate account...' [...]

People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. [...]

The CRM vendor advised ignoring or deleting suspicious emails and said the attacks were not tied to any breach or software vulnerability.

Security Experts See Coincidental Timing After Leak of Scraped Instagram User DataInstagram said a massive wave of password reset emails sent to its users traced to malicious abuse of a legitimate feature, but didn't result from any breach of its systems. Separately, security experts said a threat actor leaked 6.2 million users' email addresses, among other account information.

Negative feedback sinks Redmond's plan to cap outbound email recipients Microsoft has backed away from planned changes to Exchange Online after customers objected to limits designed to curb outbound email abuse.…

A Russian-speaking threat behind an ongoing, mass phishing campaign has registered more than 4,300 domain names since the start of the year

Cybersecurity researchers are calling attention to a large-scale spam campaign that has flooded the npm registry with thousands of fake packages since early 2024 as part of a likely financially motivated effort

PLUS: India’s tech services exports growing fast; South Korea puts the bite on TXT spam; NTT gets into autonomous vehicles; and more! Asia In Brief Chinese infosec blog MXRN last week reported a data breach at a security company called Knownsec that has ties to Beijing and Chinas military.…

ICO fined Bharat Singh Chand £200,000 after receiving 19,138 complaints Britain's data watchdog has fined a sole trader £200,000 for nearly a million spam texts targeting people in debt – almost 20 pence per message.…

Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale

Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.

A Chinese-language threat actor uses every part of the kill: infecting Web servers with malware, poisoning sites with SEO spam, and stealing organizational data for follow-on attacks.

​Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. [...]

iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple's email servers, making them more likely to bypass spam filters to land in targets' inboxes. [...]

The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.