Microsoft says new Outlook can’t open some Excel attachments
Microsoft is working to resolve a known issue that prevents some users from opening Excel email attachments in the new Outlook client. According to a service alert (EX1189359) seen by GeekFeed, the bug has been impacting Exchange Online customers since at least November 23rd. Microsoft says it has already deployed a fix to address the […]
Thunderbird adds native support for Microsoft Exchange accounts
Thunderbird 145 has been released with full native support for Microsoft Exchange email via the Exchange Web Services (EWS) protocol. This means that Thunderbird users in Microsoft Exchange environments (e.g., Microsoft 365, Office 365) no longer need third-party add-ons and benefit from seamless message synchronization and folder management locally and on the server. Migrating from […]
Hackers exploit WordPress plugin Post SMTP to hijack admin accounts
Threat actors are actively exploiting a critical vulnerability in the Post SMTP plugin installed on more than 400,000 WordPress sites, to take complete control by hijacking administrator accounts. Post SMTP is a popular email delivery solution marketed as a feature-rich and more reliable replacement of the default ‘wp_mail()’ function. On October 11, WordPress security firm Wordfence received […]
Microsoft enables Exchange Online auto-archiving by default
Microsoft is enabling threshold-based auto-archiving by default in Exchange Online to prevent email flow issues caused by mailboxes filling up faster than expected. While users can also configure messaging records management (MRM) time-based archive policies that provide automatic archival every two years, for example, these policies aren’t effective when dealing with high volumes of incoming emails […]
Hackers exploited Zimbra flaw as zero-day using iCalendar files
Researchers monitoring for larger .ICS calendar attachments found that a flaw in Zimbra Collaboration Suite (ZCS) was used in zero-day attacks at the beginning of the year. ICS files, also known as iCalendar files, are used to store calendar and scheduling information (meetings, events, and tasks) in plain text, and to exchange it between various calendar applications. […]
Oracle links Clop extortion attacks to July 2025 vulnerabilities
Oracle has linked an ongoing extortion campaign claimed by the Clop ransomware gang to E-Business Suite (EBS) vulnerabilities that were patched in July 2025. While the company has yet to attribute the attack to this ransomware operation, Rob Duhart, the Chief Security Officer of Oracle, confirmed that customers had received extortion emails from the gang. Duhart also […]
Gmail business users can now send encrypted emails to anyone
Google says that Gmail enterprise users can now send end-to-end encrypted emails to people who use any email service or platform. To send an end-to-end encrypted email, Gmail users have to turn on the “Additional encription” option when writing the message, which ensures that the email will be automatically decrypted when the recipient is a Google […]
Clop extortion emails claim theft of Oracle E-Business Suite data
Mandiant and Google are tracking a new extortion campaign where executives at multiple companies received emails claiming that sensitive data was stolen from their Oracle E-Business Suite systems According to Genevieve Stark, Head of Cybercrime and Information Operations Intelligence Analysis at GTIG, the campaign began in late September. “This activity began on or before September […]
Microsoft shares temp fix for Outlook encrypted email errors
Microsoft is investigating a known issue that triggers Outlook errors when opening encrypted emails sent from other organizations. According to a recently published support document, this issue affects users in all Office channels who are using the classic Outlook email client. “Currently, when using classic Outlook for Windows, you can’t open an OMEv2 encrypted email […]
Unofficial Postmark MCP npm silently stole users’ emails
A npm package copying the official ‘postmark-mcp’ project on GitHub turned bad with the latest update that added a single line of code to exfiltrate all its users’ email communication. Published by a legitimate-looking developer, the malicious package was a perfect replica of the authentic one in terms of code and description, appearing as an official port […]