email

Leaking the Email of Any YouTube User for $10,000

A vulnerability involving obfuscated Gaia IDs made it possible to leak the email address of any YouTube user. Blocking a user on YouTube exposed their Gaia ID, which could then be resolved to an email address using an old Google product, Pixel Recorder. The exploit consisted of leaking the Gaia ID from YouTube, sharing a recording with that ID (using an excessively long title so that no notification was triggered), and obtaining the email linked to the user. Despite initial patches, the issue remained exploitable. It was ultimately disclosed in early February 2025, after the fixes were confirmed and a total reward of $10,633 was received for the findings.

https://brutecat.com/articles/leaking-youtube-emails

Google’s DMARC Push Pays Off, but Challenges Remain

Google's DMARC initiative has doubled email authentication adoption, but 87% of domains remain vulnerable. Despite fewer unauthenticated emails, phishing threats persist, as attackers exploit domains with “lookalike” names. Increased regulation and standards drive further DMARC adoption. Organizations gain visibility into email failures with DMARC, aiding in better security classifications. Although adoption is rising, challenges in email security remain, emphasizing the need for continued improvement in cyber defenses.

https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges

Seasoning Email Threats With Hidden Text Salting

Cisco Talos reports a rise in email threats that use hidden text salting to evade detection. The technique inserts invisible characters or comments into the HTML of an email, confusing parsers and spam filters. It tricks systems into misidentifying brand names and languages in phishing attempts. Countering this method requires advanced detection strategies, inspection of suspicious CSS properties, and AI-driven email security solutions.

https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/
