email

New Gmail Account Attack Warning—Hackers Abuse Critical Security Check

Hackers are targeting Gmail users with a malicious fake Google Account Security Checkup tool that grants attackers access to sensitive information, including push notifications, contacts, GPS location, and clipboard contents. This attack uses deception to trick users into following prompts that compromise their account security. To protect themselves, users should only use the official Google Account Security Checkup tool through official channels, such as typing the URL directly into their browser.

https://www.forbes.com/sites/daveywinder/2026/03/01/check-your-gmail-account-security-now-ongoing-attacks-reported/

Global SaaS Abuse Surge: U.S., Europe & APAC Targeted in Large‑Scale Phone‑Based Phishing

Phishing campaign using legitimate SaaS platforms saw 133,260 emails target over 20,000 organizations. Attackers exploited platform features to send authentic-looking scam emails, bypassing traditional detection methods. Techniques included manipulating user fields to create legitimate notifications from companies like Microsoft and Amazon, urging victims to call attacker-controlled phone numbers instead of clicking links. This trend reflects a strategic shift towards trust-based attacks, highlighting vulnerabilities in widely-used enterprise services and the need for improved detection strategies.

https://blog.checkpoint.com/research/saas-abuse-at-scale-phone-based-scam-campaign-leveraging-trusted-platforms/

Hackers Exploited Routing Scenarios and Misconfigurtions to Effectively Spoof Organizations

Hackers are exploiting complex email routing and misconfigurations to send deceptive phishing emails that appear to originate from within organizations. This technique has become prevalent since May 2025 and utilizes common tactics like fake voicemail alerts and document sharing to steal credentials. Organizations misconfigured in email routing are vulnerable, while those using Microsoft Exchange with Office 365 have built-in protections. Proper security configurations can mitigate risks associated with these attacks.

https://cybersecuritynews.com/hackers-exploited-routing-scenarios-and-misconfigurtions/

Phishing Campaign Abuses Google Cloud Services to Steal Microsoft 365 Logins

Phishing attacks exploit Google Cloud services to steal Microsoft 365 logins. Cybercriminals send fake Google emails, using trusted domains to redirect victims to a look-alike login page. Google acknowledges this abuse and has acted to mitigate such campaigns, advising users to verify URLs and use multi-factor authentication to enhance security.

https://www.malwarebytes.com/blog/news/2026/01/phishing-campaign-abuses-google-cloud-services-to-steal-microsoft-365-logins

Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

Cybercriminals exploit Google Cloud's email integration to conduct a multi-stage phishing campaign, sending 9,394 emails to over 3,200 targets globally. Using trusted Google-generated messages, attackers bypass security filters and mimic legitimate notifications to steal user credentials through deceptive links leading to fake verification and login pages. Google has responded by blocking these phishing attempts and enhancing protections.

https://thehackernews.com/2026/01/cybercriminals-abuse-google-cloud-email.html

Beware: PayPal Subscriptions Abused to Send Fake Purchase Emails

PayPal subscriptions are being exploited in a scam where fake purchase emails are sent, misleading people into believing they made expensive transactions. The emails, appearing legitimate, originate from “[email protected]” and include modified customer service URLs displaying fake purchase notifications. Scammers intend to instill fear, prompting recipients to call a fake PayPal support number. Although legit email formats are used, PayPal is working to mitigate this scam. Recipients are advised to ignore such emails and verify their account directly through PayPal.

https://www.bleepingcomputer.com/news/security/beware-paypal-subscriptions-abused-to-send-fake-purchase-emails/

Email Security: Where We Are and What the Future Holds

Email security is flawed, relying on outdated protocols like SMTP, which lacks encryption by default. Various solutions like STARTTLS, SMTPS, and end-to-end encryption via PGP and S/MIME attempt to improve security but face usability and trust issues. Authentication mechanisms (SPF, DKIM, DMARC) help but are vulnerable due to DNS weaknesses. The future calls for enhanced E2EE, adoption of DNSSEC, and overall improvements in protocols to strengthen email as a secure communication tool, moving away from its role in account recovery and toward focused communication purposes.

https://www.privacyguides.org/posts/2025/11/15/email-security-where-we-are-and-what-the-future-holds/

AI Agent Phishing: Proofpoint’s New Defense

AI agents are now targets for email phishing, with cybercriminals exploiting prompts in emails to manipulate AI responses. Proofpoint introduced new AI defense tools to scan potential threats before they reach inboxes, enhancing email security. Traditional methods focus on known threats but fail against sophisticated attacks targeting AI systems. Proofpoint's real-time scanning aims to prevent AI exploitation pre-delivery by using refined detection models. The evolution of security must adapt to address these new risks as AI becomes more integrated into enterprise systems.

https://spectrum.ieee.org/ai-agent-phishing

Too Salty to Handle: Exposing Cases of CSS Abuse for Hidden Text Salting

Cisco Talos reports on hidden text salting in emails—using CSS to conceal irrelevant content for evasion of spam detection. The technique recently highlighted shows frequent use in spam versus legitimate messages. Four key areas where salt is inserted include the preheader, header, attachments, and body of emails. Common methods involve manipulating CSS properties like font size, visibility, and display, complicating detection efforts. Hidden text salting undermines email security solutions and requires enhanced filtering and detection strategies to mitigate risks effectively.

https://blog.talosintelligence.com/too-salty-to-handle-exposing-cases-of-css-abuse-for-hidden-text-salting/

Leaking the Email of Any YouTube User for $10,000

Leaking YouTube users' emails for $10,000 is possible due to a vulnerability involving their obfuscated Gaia IDs. By blocking a user on YouTube, their Gaia ID can be obtained, which can then be resolved to an email using an old Google product, Pixel Recorder. The exploit includes steps to leak the Gaia ID from YouTube, share a recording (without triggering notifications by using an excessively long title), and obtain the email linked to the user. Despite initial patches, the issue remained exploitable and was ultimately disclosed in early February 2025 after confirming fixes and receiving a total reward of $10,633 for the findings.

https://brutecat.com/articles/leaking-youtube-emails

Google’s DMARC Push Pays Off, but Challenges Remain

Google's DMARC initiative has doubled email authentication adoption, but 87% of domains remain vulnerable. Despite fewer unauthenticated emails, phishing threats persist, as attackers exploit domains with “lookalike” names. Increased regulation and standards drive further DMARC adoption. Organizations gain visibility into email failures with DMARC, aiding in better security classifications. Although adoption is rising, challenges in email security remain, emphasizing the need for continued improvement in cyber defenses.

https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges

Seasoning Email Threats With Hidden Text Salting

Cisco Talos reports a rise in email threats using hidden text salting to evade detection. This technique involves inserting invisible characters or comments in the HTML of emails, confusing parsers and spam filters. It tricks systems into misidentifying brand names and languages in phishing attempts. Success against this method requires advanced detection strategies, inspecting suspicious CSS properties, and utilizing AI-driven email security solutions.

https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/

Scroll to Top