Microsoft Resolves Machine Learning Glitch Misclassifying Adobe Emails as Spam
In a recent incident, Microsoft addressed a machine learning bug in Exchange Online that erroneously flagged legitimate Adobe emails as spam. This issue highlights the ongoing challenges in AI-driven ...
AI-Powered Polymorphic Phishing Is Changing the Threat Landscape https://www.securityweek.com/ai-powered-polymorphic-phishing-is-changing-the-threat-landscape/ #ArtificialIntelligence #artificialinteligence #EmailSecurity #Phishing #phishing #AI
AI-Powered Polymorphic Phishing Is Changing the Threat Landscape https://www.securityweek.com/ai-powered-polymorphic-phishing-is-changing-the-threat-landscape/ #ArtificialIntelligence #artificialinteligence #EmailSecurity #Phishing #phishing #AI
It may be April, but don’t let cyber threats rain on your parade!
Tip of the Week: Regularly update your software and security settings to patch vulnerabilities and stop malware from blooming in your system.
Legacy Google Service Abused in Phishing Attacks https://www.securityweek.com/legacy-google-service-abused-in-phishing-attacks/ #Googlephishing #EmailSecurity #emailsecurity #Phishing #phishing #OAuth
Legacy Google Service Abused in Phishing Attacks https://www.securityweek.com/legacy-google-service-abused-in-phishing-attacks/ #Googlephishing #EmailSecurity #emailsecurity #Phishing #phishing #OAuth
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick https://gbhackers.com/fake-certificate-issued-for-alibaba-cloud/ #CyberSecurityNews #EmailSecurity #cybersecurity #SSL/TLS #Email
Google Email Systems Spoofed by Phishing Campaign Reusing Valid DKIM Signatures
#Cybersecurity #Gmail #Phishing #DKIM #DMARC #EmailSecurity #Google #Spoofing #OAuth #InfoSec #CyberAttack
Phishers have found a clever way to spoof Google — and their emails pass all security checks.
A new DKIM replay phishing attack abuses Google’s own OAuth infrastructure to send fake messages that look 100% legitimate, including passing DKIM authentication.
What happened:
- A phishing email was sent from “no-reply@google.com”
- It appeared in the user’s inbox alongside real Google security alerts
- The message linked to a fake support portal hosted on sites[dot]google[dot]com — a Google-owned domain
- The attacker used Google OAuth to trigger a real security alert to their inbox, then forwarded it to victims
Why this matters:
- DKIM only verifies the headers, not the envelope — allowing this spoof to work
- The phishing site was nearly indistinguishable from Google’s actual login portal
- Because the message was signed by Google and hosted on a Google domain, it bypassed most users’ suspicions
- Similar tricks have been used with PayPal and other platforms, raising broader concerns
Google has since acknowledged the issue and is working on a fix. But this attack is a reminder:
Even the most secure-looking emails can be fraudulent.
Even Google-signed emails can be weaponized.
At @Efani, we advocate for layered defense — because no one layer is ever enough.
SVG Phishing Attacks Surge in 2025, Exploiting Image Files
#Cybersecurity #SVG #Phishing #InfoSec #CyberAttack #Malware #EmailSecurity #CyberCrime #ThreatIntel
https://winbuzzer.com/2025/04/21/svg-phishing-attacks-surge-in-2025-exploiting-image-files-xcxwbn/
Google DMARC reports are back! After going quiet since April 13, Google has resumed sending DMARC aggregate reports as of 19:15 UTC today. So far, the reports only include data from yesterday (April 16), but it is a good sign that things are starting to flow again.
Don't let the blooming flowers distract you from staying cyber safe this April!
Cozy Bear Strikes Again: Analyzing the Latest Cyberattack on German Research Institutions
In a chilling reminder of the ongoing cyber warfare landscape, Germany's intelligence agencies are investigating a suspected attack by the notorious APT 29 group, known as Cozy Bear. This incident hig...
Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to create a security system so easily disabled.
But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.
It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.
Am I wrong?
#CyberSecurity #EmailSecurity
Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to create a security system so easily disabled.
But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.
It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.
Am I wrong?
#CyberSecurity #EmailSecurity
Precision-validated phishing: The rise of sophisticated credential theft https://www.csoonline.com/article/3958633/precision-validated-phishing-the-rise-of-sophisticated-credential-theft.html #EmailSecurity #Phishing #Security
US bank regulator’s email system breached – Source: www.csoonline.com https://ciso2ciso.com/us-bank-regulators-email-system-breached-source-www-csoonline-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #emailsecurity #DataBreach #CSOonline #CSOOnline
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows – Source: www.securityweek.com https://ciso2ciso.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows-source-www-securityweek-com/ #rssfeedpostgeneratorecho #ArtificialIntelligence #artificialinteligence #CyberSecurityNews #securityweekcom #emailsecurity #securityweek #Cybercrime #agenticai #Phishing
Treasury’s OCC Says Hackers Had Access to 150,000 Emails – Source: www.securityweek.com https://ciso2ciso.com/treasurys-occ-says-hackers-had-access-to-150000-emails-source-www-securityweek-com/ #rssfeedpostgeneratorecho #CyberSecurityNews #securityweekcom #emailsecurity #securityweek #Government #FEATURED #Treasury #OCC
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows https://www.securityweek.com/ai-now-outsmarts-humans-in-spear-phishing-analysis-shows/ #ArtificialIntelligence #artificialinteligence #EmailSecurity #Cybercrime #agenticAI #Phishing #phishing
