The exploitation of the authentication bypass vulnerability started two days after patches were released.

The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek.

See how modern AI-driven detection can block sophisticated attacks that traditional tools miss

The post Webinar Today: Rethinking Email Security for Mid-Sized Organizations appeared first on SecurityWeek.

While organizations invest heavily in stopping threats from entering their networks, a critical vulnerability often goes underprotected: sensitive data leaving the organization through email.

Discover how AI-driven email automation will reshape customer journeys in 2026 with personalized campaigns, smarter timing, scalability, and better engagement.

The post 4 Ways Email Automation Will Reshape Customer Journeys in 2026 appeared first on Security Boulevard.

Attackers are increasingly abusing network misconfigurations to send spoofed phishing emails, according to researchers at Microsoft. This technique isn’t new, but Microsoft has observed a surge in these attacks since May 2025.

Google is ending Gmailify and POP-based fetching in Gmail, pushing users toward forwarding or IMAP in the mobile app to keep third-party mail accessible.

The post Gmail Says Goodbye to Gmailify and POP3: What Users Need to Know appeared first on TechRepublic.

Google is ending Gmailify and POP-based fetching in Gmail, pushing users toward forwarding or IMAP in the mobile app to keep third-party mail accessible.

The post Gmail Says Goodbye to Gmailify and POP3: What Users Need to Know appeared first on TechRepublic.

Email has been the backbone of business communication for decades and as such, it remains the attacker’s favorite doorway into an organization.

Threat actors spoof legitimate domains to make their phishing emails appear to have been sent internally.

The post Complex Routing, Misconfigurations Exploited for Domain Spoofing in Phishing Attacks appeared first on SecurityWeek.

Researchers warn that attackers are abusing Google notifications and cloud services to deliver phishing emails that bypass traditional email security controls.

The post Trusted Google Notifications Used in Phishing Campaign Targeting 3,000+ Orgs appeared first on TechRepublic.

Researchers warn that attackers are abusing Google notifications and cloud services to deliver phishing emails that bypass traditional email security controls.

The post Trusted Google Notifications Used in Phishing Campaign Targeting 3,000+ Orgs appeared first on TechRepublic.

Lead Analysts: Jeewan Singh Jalal, Prabhakaran Ravichandhiran and Anand Bodke

Since November 3, 2025, KnowBe4 Threat Labs has been monitoring a highly sophisticated, multi-stage phishing operation that is actively targeting organizations to steal employees’ Microsoft 365 credentials. The campaign has been engineered to bypass traditional email security defenses, such as secure email gateways (SEGs),  and multi-factor authentication (MFA) tools.

Following its launch in 2024, Gartner® has now published the second Magic Quadrant™ for Email Security —and KnowBe4 is delighted to once again be named a Leader!

Email Threat Defense’s enhanced capabilities integrate gateway-level prevention with supplemental, API-based post-delivery remediation.

EXECUTIVE SUMMARY:

Ahead of the U.S. elections, adversaries are weaponizing social media to gain political sway. Russian and Iranian efforts have become increasingly aggressive and transparent. However, China appears to have taken a more carefully calculated and nuanced approach.

China’s seeming disinformation efforts have little to do with positioning one political candidate as preferable to another. Rather, the country’s maneuvers may aim to undermine trust in voting systems, elections and America, in general; amplifying criticism and sowing discord.

Spamouflage

In recent months, the Chinese disinformation network, known as Spamouflage, has pursued “advanced deceptive behavior.” It has quietly launched thousands of accounts across more than 50 domains, and used them to target people across the United States.

The group has been active since 2017, but has recently reinforced its efforts.

Fake profiles

The Spamouflage network’s fake online accounts present fake identities, which sometimes change on a whim. The accounts/profiles have been spotted on X, TikTok and elsewhere.

For example: Harlan claimed to be a New York resident and an Army veteran, age 29. His profile picture showed a well-groomed young man. However, a few months later, his account shifted personas. Suddenly, Harlan appeared to be from Florida and a 31 year-old Republican influencer.  At least four different accounts were found to mimic Trump supporters – part of a tactic with the moniker “MAGAflage.”

The fake profiles, including the fake photos, may have been generated through artificial intelligence tools, according to analysts.

Accounts have exhibited certain patterns, using hashtags like #American, while presenting themselves as voters or groups that “love America” but feel alienated by political issues that range from women’s healthcare to Ukraine.

In June, one post on X read “Although I am American, I am extremely opposed to NATO and the behavior of the U.S. government in war. I think soldiers should protect their own country’s people and territory…should not initiate wars on their own…” The text was accompanied by an image showing NATO’s expansion across Europe.

Email security implications

Disinformation campaigns that create (and weaponize) fake profiles, as described above, will have a high degree of success when crafting and distributing phishing emails, as the emails will appear to come from credible sources.

This makes it essential for organizations to implement and for employees to adhere to advanced verification methods that can ensure the veracity of communications.

Advanced email security protocols

Within your organization, if you haven’t done so already, consider implementing the following:

• Multi-factor authentication. Even if credentials are compromised via phishing, MFA can help protect against unauthorized account access.
• Email authentication protocols. Technologies such as SPF, DKIM and DMARC can assist with verifying the legitimacy of email senders and spoofing prevention.
• Advanced threat detection. Advanced threat detection solutions that are powered by AI and machine learning can enhance email traffic security.
• Employee awareness. Remind employees to not only think before they click, but to also think before they link to information – whether in their professional roles or their personal lives.
• Incident response plans. Most organizations have incident response plans. But are they routinely updated? Can they address disinformation and deepfake threats?

Further thoughts

To effectively counter threats, organizations need to pursue a dynamic, multi-dimensional approach. But it’s tough.

To get expert guidance, please visit our website or contact our experts. We’re here to help!

The post Spamouflage’s advanced deceptive behavior reinforces need for stronger email security appeared first on CyberTalk.