Microsoft Exchange Flaw Lets Attackers Spoof Any Email Address
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
“Ghost-Sender" is the result of a widespread misconfiguration, according to researchers, and evidence indicates it's being actively abused in the wild.
Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 cloud servers across Amazon Web Services, Google Cloud, and Microsoft Azure and turned them into a covert email relay network. Hunt.io researchers discovered the operation because PCPJack […]
Microsoft has warned of a multi‑stage adversary‑in‑the‑middle (AitM) phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector
Cybersecurity researchers have discovered a malicious npm package that comes with stealthy features to inject malicious code into desktop apps for cryptocurrency wallets like Atomic and Exodus on Windows systems
Cybersecurity researchers are calling attention to phishing campaigns that impersonate popular brands and trick targets into calling phone numbers operated by threat actors
Hackers Can Use Unverified Email to Log onto SaaS Apps With Entra IDA flaw in a Microsoft single sign-on feature allowing cloud app account takeovers discovered in 2023 never really went away, say researchers - notwithstanding a computing giant claim that it almost immediately fixed the vulnerability known as nOAuth.
Researchers have found a flaw in Microsoft 365 Copilot that allows the exfiltration of sensitive corporate data with a simple email
Cybersecurity researchers have discovered a new phishing campaign that's being used to distribute malware called Horabot targeting Windows users in Latin American countries like Mexico, Guatemala, Colombia, Peru, Chile, and Argentina
Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses
Cybersecurity researchers are warning about malicious email campaigns leveraging a phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA with an aim to steal Microsoft 365 account credentials
Cybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts
A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when opening a specially crafted file
A recent email compromise by Chinese APT group Storm-0558 highlights a lack of access to security logging by many Microsoft 365 license holders, prompting calls from researchers to abolish it.
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]
New research has disclosed what's being called a security vulnerability in Microsoft 365 that could be exploited to infer message contents due to the use of a broken cryptographic algorithm
Security researchers at WithSecure have discovered it's possible to partially or fully infer the contents of encrypted messages sent through Microsoft Office 365, highlighting an intrinsic weakness in the encryption scheme used. [...]
The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services have also set their sights on Google Workspace users
Google researchers say the nation-state hacking team is now employing a data-theft tool that targets Gmail, Yahoo!, and Microsoft Outlook accounts using previously acquired credentials.
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems