Email security

Included in the severe Roundcube vulnerabilities were the cross-site scripting issues, tracked as CVE-2024-42008 and CVE-2024-42009, as well as the information disclosure bug, tracked as CVE-2024-42010, an analysis from Sonar revealed.

Attackers using an email address similar to one of the organization's suppliers were able to lure the firm to pay $42.3 million to a Timor Leste-based account, which was only realized to be fraudulent after complaints from the real supplier, reported Interpol.

Such email addresses, which are included in a 14 GB CSV file, have been scraped by USDoD last month following stealer log and combolist parsing.

GenAI’s role in phishing and scams continues to raise concerns as overall spam volume rises.

Millions of phishing emails impersonating IBM, Nike, Coca-Cola, and other major organizations have been deployed through the abuse of a Proofpoint email routing vulnerability as part of the EchoSpoofing attack campaign that began in January, reports The Hacker News.

Barracuda researchers discovered phishing links “wrapped” by legitimate URL protection services.

The U.S., Russia, and Canada accounted for most of the vulnerable Exim servers, which are on versions 4.97.1 or earlier, according to a report from Censys.

Organizations affected by the breach have been urged by security researcher and former Microsoft employee Kevin Beaumont to be vigilant of the emails, which were not sent in adherence to the Microsoft 365 breach process.