CISA: Recently patched RoundCube flaws now exploited in attacks
CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks. Roundcube Webmail is a web-based email client that has been the default mail interface for the widely used cPanel web hosting control panel since 2008. The first vulnerability tagged as actively abused by […]
Microsoft: Exchange Online flags legitimate emails as phishing
Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them. The incident began on February 5 and continues to affect Exchange Online customers, preventing them from sending or receiving emails. “Some users’ legitimate email messages are being marked as phish and quarantined in Exchange Online,” Microsoft said in […]
Zendesk spam wave returns, floods users with ‘Activate account’ emails
A fresh wave of spam is hitting inboxes worldwide, with users reporting that they are once again being bombarded by automated emails generated through companies’ unsecured Zendesk support systems. Some recipients say they are receiving hundreds of messages with strange or alarming subject lines. Users flooded with bogus ‘Activate account’ emails Since yesterday, numerous social […]
Cloud storage payment scam floods inboxes with fake renewals
Over the past few months, a large-scale cloud storage subscription scam campaign has been targeting users worldwide with repeated emails falsely warning recipients that their photos, files, and accounts are about to be blocked or deleted due to an alleged payment failure. Based on numerous emails seen by GeekFeed, the campaign has escalated over the past […]
Microsoft fixes Outlook bug blocking access to encrypted emails
Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a December update. This bug affects users who try to open messages encrypted with “Encrypt Only” permissions, a policy that doesn’t restrict forwarding, printing, or copying the email. On impacted systems, users are seeing a message_v2.rpmsg attachment […]
Microsoft: Outlook for iOS crashes, freezes due to coding error
Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error. While this known issue may affect all users of Outlook for iOS version 5.2602.0 on an iPad, Microsoft says that they can work around it by launching Outlook after enabling Airplane Mode. “The latest Outlook […]
SmarterMail auth bypass flaw now exploited to hijack admin accounts
Hackers began exploiting an authentication bypass vulnerability in SmarterTools’ SmarterMail email server and collaboration tool that allows resetting admin passwords. An authentication bypass vulnerability in SmarterTools SmarterMail, which allows unauthenticated attackers to reset the system administrator password and obtain full privileges, is now actively exploited in the wild. The issue resides in the force-reset-password API […]
Zendesk ticket systems hijacked in massive global spam wave
People worldwide are being targeted by a massive spam wave originating from unsecured Zendesk support systems, with victims reporting receiving hundreds of emails with strange and sometimes alarming subject lines. The wave of spam messages started on January 18th, with people reporting on social media that they received hundreds of emails. While the messages do not appear to contain […]
Fake Lastpass emails pose as password vault backup alerts
LastPass is warning of a new phishing campaign disguised as a maintenance notification from the service, asking users to back up their vaults in the next 24 hours. The malicious emails include a link that allegedly takes users to a site where they can create an encrypted backup, where the attacker likely tries to hijack accounts or […]
Microsoft: Windows 11 update causes Outlook freezes for POP users
Microsoft is investigating widespread reports that a January Windows 11 security update is causing the classic Outlook desktop client to freeze and hang for users with POP email accounts. POP (Post Office Protocol) is an email retrieval protocol used for downloading emails from a server to a local device. While POP isn’t as widely used […]