Email Security Archives • Daily CyberSecurity

Scammers Weaponize Amazon SES to Bypass Security Amazon SES Phishing AWS IAM Credential Leak

Scammers Weaponize Amazon SES to Bypass Security

Do Son May 5, 2026

A recent report from Kaspersky Labs reveals a disturbing surge in phishing campaigns leveraging Amazon Simple Email...

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover mailcow XSS CVE-2026-40872

Mailcow Critical Alert: Unauthenticated XSS Threatens Admin Takeover

Do Son April 23, 2026

The popular open-source groupware suite mailcow: dockerized is facing a high-stakes security challenge. A critical Stored Cross-Site...

Attackers Weaponize Mailbox Rules to Control Your Inbox M365 Persistence Malicious Mailbox Rules

Attackers Weaponize Mailbox Rules to Control Your Inbox

Do Son April 15, 2026

In the modern landscape of Microsoft 365 security, the most dangerous threat might not be a sophisticated...

Hackers Use Jira Notifications to Bypass Spam Filters Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Layoff Phishing Scam Remcos RAT Malware Aruba Phishing, Phishing-as-a-Service PyPI, phishing CVE-2024-25608 PyPI Phishing, Credential Theft

Hackers Use Jira Notifications to Bypass Spam Filters

Do Son February 18, 2026

A new spam campaign is slipping past enterprise defenses by wearing a disguise that most security filters...

Triple Threat Patched: Zimbra 10.1.16 Fixes XSS, XXE & LDAP Injection

Do Son February 13, 2026

Zimbra has rolled out a significant security update for its collaboration suite, releasing Zimbra 10.1.16 to address...

Cisco SD-WAN Vulnerability CVE-2026-20133 FortiGate Compromise Ivanti EPMM Zero-Day CVE-2026-1281 SmarterMail Vulnerability Storm-2603 WatchGuard Zero-Day, IKEv2 Out-of-Bounds Write Cisco Zero-Day, UAT-9686 Chinese APT FortiWeb RCE Exploitation CVE-2025-58034 VMware Zero-Day, Privilege Escalation Sitecore, remote code execution CVE-2025-53690 Windows CLFS, Privilege Escalation CVE-2024-47575 & CVE-2024-11120 CVE-2025-24983 vulnerability

Email Under Siege: Storm-2603 Exploits SmarterMail to Deploy Warlock Ransomware

Do Son February 13, 2026

A new report from ReliaQuest has uncovered a dangerous alliance between a China-based threat actor and a...

Signed” Sealed, Delivered: Cybercriminals Abuse PayPal and Apple to Bypass Email Security DKIM Replay Attack Invoice Phishing

Signed” Sealed, Delivered: Cybercriminals Abuse PayPal and Apple to Bypass Email Security

Do Son February 11, 2026

Phishing attacks have evolved beyond poorly spelled emails and suspicious links. A new report by Kaseya (featuring...

Vercel Blob Phishing PDF Phishing Campaign

Cloud-Hosted Trap: Phishers Use Vercel & Telegram to Bypass Filters

Do Son February 6, 2026

Phishing attacks have evolved from simple “click here” links to complex, multi-stage puzzles designed to baffle security...

“Exfil Out&Look” Flaw Lets Spies Steal Emails via OWA Undetected Exfil Out&Look Microsoft 365 Logging Gap Outlook Classic KB5074109 freeze, January 2026 POP3 PST bug Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

Exfil Out&Look Microsoft 365 Logging Gap Outlook Classic KB5074109 freeze, January 2026 POP3 PST bug Outlook Classic POP3 freeze, KB5074109 Windows 11 bug Outlook, CPU Usage Outlook lag Outlook Lite discontinued

“Exfil Out&Look” Flaw Lets Spies Steal Emails via OWA Undetected

Do Son February 2, 2026

A gaping blind spot in Microsoft 365’s logging capabilities allows attackers to steal sensitive emails without leaving...

The “WorkMail Pivot”: Hackers Abuse AWS WorkMail to Bypass SES Sandbox AWS WorkMail Abuse SES Sandbox Bypass

The “WorkMail Pivot”: Hackers Abuse AWS WorkMail to Bypass SES Sandbox

Do Son January 30, 2026

A new investigation by Rapid7 reveals that cybercriminals have found a clever way to bypass the strict...

The End of the Unified Inbox: Gmail Kills POP3 Fetching and Gmailify in 2026 Gmail Mobile E2EE Gmail POP3 support end 2026, Gmailify deprecated January 2026 Gmail spam filter, political bias

Gmail Mobile E2EE Gmail POP3 support end 2026, Gmailify deprecated January 2026 Gmail spam filter, political bias

The End of the Unified Inbox: Gmail Kills POP3 Fetching and Gmailify in 2026

Do Son January 8, 2026

Google recently revised its support documentation to announce that Gmail has formally rescinded support for retrieving messages...

Microsoft Warns of Surge in Internal Domain Spoofing Internal Phishing Attacks Tycoon2FA

Microsoft Warns of Surge in Internal Domain Spoofing

Do Son January 7, 2026

A wave of sophisticated phishing attacks is hitting organizations by exploiting a classic weakness: the trust users...

shell-quote command injection AI-Driven Vulnerabilities Q1 2026 Cyber Threats vm2 Sandbox Escape Node.js RCE upKeeper Privilege Escalation CVE-2026-2449 Pharos Controls Vulnerability Root Access Exploit Cybersecurity Vulnerability Roundup CVSS 10.0 Flaws Shadow Archives CVE-2026-0866 MS-Agent Prompt Injection CVE-2026-2256 basic-ftp Path Traversal CVE-2026-27699 telnetd Root Vulnerability CVE-1999-0073 Regression USR-W610 Vulnerabilities End-of-Life IoT Security IceWarp Security Update IceWarp Vulnerabilities Airleader Master Vulnerability CVE-2026-1358 ZLAN5143D Vulnerability CISA ICS Advisory Acronis Cyber Protect Vulnerability CVE-2025-30411 WAGO 852 Vulnerability OT Network Security SandboxJS Vulnerability Sandbox Escape (CVSS 10.0) Kubernetes Local Path Provisioner CVE-2025-62878 CISA Unresponsive Vendors Avation & RISS Vulnerabilities KiloView Vulnerability CVE-2026-1453 OpenClaw RCE vulnerability Johnson Controls Vulnerability CVE-2025-26385 SandboxJS Vulnerability CVE-2026-23830 ibaPDA Vulnerability CVE-2025-14988 Protobuf Vulnerability CVE-2026-0994 AVEVA Process Optimization Vulnerability CVE-2025-61937 ConnectWise PSA Vulnerability CVE-2026-0695 Aruba VIA Vulnerability CVE-2025-37186 aiohttp v3.13.3, Denial of Service (DoS) SmarterMail RCE, CVE-2025-52691 Airoha RACE, Headphone Jacking HPE OneView RCE CVE-2025-37164 FreePBX Auth Bypass, PBX Takeover ScreenConnect Config Flaw, Untrusted Extensions Ruby SAML Auth Bypass, XML Parser Differential Devolutions SQL Injection, Password Manager Flaw Vivotek Unauthenticated RCE, EOL IP Camera Flaw Lynx+ Critical Flaw, Unauthenticated Reset Firebox Default Credentials, CVE-2025-59396 Veeder-Root RCE, Critical ATG Flaw ArcGIS Server SQLi Watchdoc RCE, CVE-2025-58384 Delta DIALink Daikin Security Gateway, authentication bypass Frostbyte10, industrial controller security SunPower, vulnerability Ubiquiti UniFi Connect, EV Station Vulnerabilities Adobe Experience Manager, RCE Vulnerability UniFi Access, Command Injection LDAPNightmare - CVE-2025-1316

CVE-2025-52691 (CVSS 10): Critical SmarterMail Flaw Opens Servers to Unauthenticated Attacks

Do Son December 30, 2025

The Cyber Security Agency of Singapore (CSA) has issued an urgent alert regarding a catastrophic vulnerability in...

Zimbra Under Siege: High-Severity LFI Vulnerability Exposes Internal Files to Unauthenticated Attackers

Do Son December 25, 2025

Administrators of the popular Zimbra Collaboration Suite (ZCS) are being urged to patch immediately after the discovery...

The 3-Million Email Siege: Inside Scripted Sparrow’s Global Industrialized BEC Machine Scripted Sparrow, Industrialized BEC

The 3-Million Email Siege: Inside Scripted Sparrow’s Global Industrialized BEC Machine

Do Son December 23, 2025

A massive, globally distributed cybercriminal collective is aggressively targeting corporate finance departments with a highly automated Business...

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube SVG XSS, HTML Style Sanitizer Roundcube Phishing Roundcube webmail vulnerability

Roundcube Alert: High-Severity SVG XSS and CSS Sanitizer Flaws Threaten Webmail Privacy

Do Son December 19, 2025

The maintainers of Roundcube Webmail, one of the world’s most widely used open-source email solutions, have issued...

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604) SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall ES RCE, Code Integrity Bypass SonicWall SMA, Arbitrary File Upload SonicWall SMA100 - CVE-2024-40764

SonicWall Patches Two Vulnerabilities in Email Security Appliances, Including Code Execution Flaw (CVE-2025-40604)

Do Son November 22, 2025

SonicWall has released security updates addressing two vulnerabilities in its Email Security appliances, including one that could...

Weaver E-cology RCE CVE-2026-22679 CVE-2026-20127 Cisco SD-WAN Exploitation AI-Driven Cyberattack ARXON Malware React Server Components Vulnerability CVE-2025-55182 FortiWeb Auth Bypass, Unauthenticated Admin Takeover RayInitiator Bootkit, LINE VIPER CVE-2025-59689 Department of the Treasury cybersecurity - CVE-2025-0108 PoC CVE-2025-31103 Dior Data Breach SK Telecom data breach, long-term intrusion

CVE-2025-59689: Libraesva ESG Command Injection Flaw Exploited in the Wild

Do Son September 23, 2025

Libraesva has released an urgent security advisory addressing a command injection vulnerability (CVE-2025-59689) in its Email Security...

The Trust Trap: Phishing Attacks Weaponize Security Tools by Abusing Proofpoint & Intermedia Link Wrapping A Microsoft phishing page designed to harvest credentials

A Microsoft phishing page designed to harvest credentials

The Trust Trap: Phishing Attacks Weaponize Security Tools by Abusing Proofpoint & Intermedia Link Wrapping

Do Son August 1, 2025

The Cloudflare Email Security team has exposed a wave of phishing attacks that abuse link wrapping services—typically...

Microsoft 365 “Direct Send” Abused: Phishing Campaign Spoofs Internal Users, Bypasses Security

Do Son June 28, 2025

Varonis’ Managed Data Detection and Response (MDDR) Forensics team has uncovered a stealthy and widespread phishing campaign...

Critical Alert 3 Active Exploits Detected Today

Critical Alert