KDDI Breach Affects Six Japanese ISPs, Exposes 14.2 Email Credentials
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Stay secure with the latest email security updates, best practices, and threat alerts to protect your inbox and sensitive information.
Search across headline titles and summaries.
Background for this topic.
Email is a system for exchanging digital messages, typically using mail servers and clients over a network. In security, it includes both the messages and the accounts, servers, domains, and authentication mechanisms that handle them. Email commonly carries phishing links, malicious attachments, and fraudulent requests for payments or credentials; compromised accounts can also be used to impersonate trusted people and conduct further attacks.
Defenses include filtering and malware scanning, phishing-resistant multifactor authentication, careful handling of links and attachments, and monitoring for unusual login or sending activity. Domain controls such as SPF, DKIM, and DMARC help receiving systems detect messages that are forged or sent without authorization, while encryption protects message contents in transit or at rest when correctly implemented. Security teams should preserve relevant headers and mailbox activity so suspicious messages can be investigated, removed, and used to identify affected accounts and other recipients.
Weekly headline count for the current query.
Customers of the affected Japanese email services are “strongly advised” to change their email passwords
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus
Meta confirms an AI tool vulnerability led to unauthorized access to Instagram accounts after a failure in email verification during password reset
Proton uses machine learning models to detect abuse of its services – especially email addresses used by cybercriminals
Malware campaign uses Ukrainian email service for credibility, deploying "BadPaw" to execute attacks
Phoney email alerts suggest users need to backup their LastPass accounts within 24 hours. LastPass says it would never require this action from users
Misconfigurations abused to make phishing emails look like they come from within the organization
DoorDash has confirmed an October 2025 data breach that exposed customer names, phone numbers, addresses and email details
LastPass warns customers it has not been breached, after phishing emails falsely claim a hack and urge users to update their desktop app
The attack, which is linked to ShinyHunters, has reportedly compromised data relating to 7.4 million unique email addresses
Reports of email phishing attempts impersonating the UK’s HM Revenue & Customs plummeted in the first half of 2025
Compromised data includes personal data such as patients’ full names, ages, phone numbers and email addresses
Barracuda observed new methods to disguise phishing links in Tycoon phishing attacks, which are designed to bypass automated email security systems
A malicious npm package “nodejs-smtp” has been discovered impersonating nodemailer and injecting code to drain crypto wallets
Abnormal AI said gaining access to such accounts provides opportunities for sophisticated fraud schemes that impersonate officials
Russian military intelligence-linked hackers are using a new malware called “Authentic Antics” to secretly access Microsoft cloud email accounts, the UK's NCSC reports
A new malware campaign uses GitHub to deliver payloads via Amadey botnet, bypassing email distribution
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email
EasyDMARC found that just 7.7% of the world’s top 1.8 million email domains have implemented the most stringent DMARC policy
In Operation RoundPress, the compromise vector is a spearphishing email leveraging an XSS vulnerability to inject malicious JavaScript code into the victim's webmail page