Critical OpenPGP.js Vulnerability Allows Spoofing
An OpenPGP.js vulnerability tracked as CVE-2025-47934 allows message signature verification to be spoofed.
The post Critical OpenPGP.js Vulnerability Allows Spoofing appeared first on SecurityWeek.
email security
Russian APT Exploiting Mail Servers Against Government, Defense Organizations
Russia-linked APT28 has been exploiting mail server vulnerabilities against government and defense entities since September 2023.
The post Russian APT Exploiting Mail Servers Against Government, Defense Organizations appeared first on SecurityWeek.
Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal
Enterprise cybersecurity giant Proofpoint is buying Germany-based Microsoft 365 security solutions provider Hornetsecurity.
The post Proofpoint to Acquire Hornetsecurity in Reported $1 Billion Deal appeared first on SecurityWeek.
Russia-linked hackers target webmail servers in Ukraine-related espionage operation
ESET researchers have uncovered RoundPress, a Russia-aligned espionage operation targeting webmail servers via XSS vulnerabilities. Behind it is most likely the Russia-aligned Sednit (also known as Fancy Bear or APT28) cyberespionage group, holding the…
Low-tech phishing attacks are gaining ground
Cybercriminals are increasingly favoring low-tech, human-centric attacks to bypass email scanning technologies, according to VIPRE Security. The report is based on an analysis of global real-world data and highlights the most significant email security…
CISA warns about actively exploited Broadcom, Commvault vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities catalog on Monday, affecting Commvault (CVE-2025-3928), Active! Mail (CVE-2025-42599), and Broadcom Brocade (CVE-2025-1976) sol…
Legacy Google Service Abused in Phishing Attacks
A sophisticated phishing campaign abuses weakness in Google Sites to spoof Google no-reply addresses and bypass protections.
The post Legacy Google Service Abused in Phishing Attacks appeared first on SecurityWeek.
Fake Certificate Issued for Alibaba Cloud After SSL.com Validation Trick
A critical vulnerability in SSL.com’s domain validation process allowed unauthorized parties to fraudulently obtain TLS certificates for high-profile domains, including Alibaba Cloud’s aliyun.com, researchers revealed this week. The certificate authori…
AI Now Outsmarts Humans in Spear Phishing, Analysis Shows
Agentic AI has improved spear phishing effectiveness by 55% since 2023, research shows.
The post AI Now Outsmarts Humans in Spear Phishing, Analysis Shows appeared first on SecurityWeek.
CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign
‘PoisonSeed’ phishing campaign targets CRM and bulk email providers to distribute “crypto seed phrase” messages.
The post CRM, Bulk Email Providers Targeted in Crypto Phishing Campaign appeared first on SecurityWeek.