Threat actors are deploying sophisticated phishing campaigns targeting Latin American users via weaponized HTML files. These files deliver the Horabot malware, which combines credential theft, email automation, and banking Trojan capabilities. This highlights a significant email security threat leveraging novel attachment types for malware delivery and data compromise.
The DPRK-linked TA406 group is actively targeting Ukrainian government entities with sophisticated phishing campaigns. These attacks are designed to steal login credentials and deploy reconnaissance malware, representing a significant cyber espionage threat that leverages the email vector against government targets.
Xanthorox is a new, purpose-built AI platform identified in April 2025, designed specifically to facilitate cybercrime. This self-hosted tool is intended for launching sophisticated phishing and malware attacks. Its emergence signifies an escalation in the cyber threat landscape, posing increased challenges for defending against email-based threats.
Hardening Windows Server 2025 is essential to prevent sophisticated cyber threats and exploits. Leveraging the enhanced security features in the new server version helps protect critical infrastructure. This foundational security measure is crucial for preventing breaches and mitigating risks, as compromised servers can be vectors for or targets of email-borne attacks like malware and phishing.
New phishing campaigns are employing sophisticated tactics like abusing trusted domains, using real CAPTCHAs, and performing live server-side email validation. This allows attackers to selectively target victims and present highly customized fake login pages, significantly increasing the success rate of these targeted attacks. The use of legitimate infrastructure and validation makes these phishing attempts harder to detect and mitigate through traditional email security measures.
A recent phishing campaign is exploiting open redirect vulnerabilities on trusted domains like google.com to create malicious links that bypass email security checks. This recurring issue allows attackers to hide phishing destinations behind legitimate URLs, increasing the risk of users clicking and potentially compromising their data.
Presently sponsored by: Malwarebytes Browser Guard blocks phishing, ads, scams, and trackers for safer, faster browsing. The Have I Been Pwned Alpine Grand Tour is upon us! I've often joked that work is always either sitting at my desk at home in isolation or on the other side of the world, and so it is with this trip. As we've done with
For many years, people would come to Have I Been Pwned (HIBP), run a search on their email address, get the big red "Oh no - pwned!" response and then... I'm not sure. We really didn't have much guidance until we partnered with 1Password
Today we welcome the 39th government and first self-governing British Crown Dependency to Have I Been Pwned, The Isle of Man. Their Office of Cyber-Security & Information Assurance (OCSIA) now has free and open access to query the government domains of their jurisdiction. We're delighted and encouraged to
Source: Schneier on Security. Published: 2025-05-07 11:03
Summary enhanced with Google Gemini
A Chinese company developed an AI submersible boasting advanced speed, depth, and endurance capabilities, marketed for civilian research despite capabilities raising potential military concerns. Based on the provided article content, this physical technology and its development have no direct relevance to email security topics such as phishing, malware, data breaches, or email authentication.
Source: Schneier on Security. Published: 2025-05-06 11:03
Summary enhanced with Google Gemini
Fake students utilizing AI-generated work are enrolling in community colleges to steal financial aid, exploiting open admissions and difficulties in detecting their false identities. This fraud likely involves exploiting vulnerabilities in digital identity verification and communication systems, potentially relying on compromised accounts or bypassing processes typically tied to email. The challenge in identifying these bots underscores the critical need for robust cybersecurity, including enhanced authentication and securing email channels used for administrative processes and financial disbursements.
Passkeys provide a secure, password-free method to log into online accounts, making them resistant to common threats like phishing and data breaches. This enhanced security is crucial for accounts linked to email, preventing compromise that could be leveraged for further cyberattacks or data theft.
Looking back at this week's video, it's the AI discussion that I think about most. More specifically, the view amongst some that any usage of it is bad and every output is "slop". I'm hearing that much more broadly lately, that AI
I love a good road trip. Always have, but particularly during COVID when international options were somewhat limited, one road trip ended up, well, "extensive". I also love the recent trips Charlotte and I have taken to spend time with many of the great agencies we've
Today, we're happy to welcome the Gambia National CSIRT to Have I Been Pwned as the 38th government to be onboarded with full and free access to their government domains. We've been offering this service for seven years now, and it enables national CSIRTs to gain