Libraesva ESG issues emergency fix for bug exploited by state hackers
Libraesva rolled out an emergency update for its Email Security Gateway (ESG) solution to fix a vulnerability exploited by threat actors believed to be state sponsored. The email security product protects email systems from phishing, malware, spam, business email compromise, and spoofing, using a multi-layer protection architecture. According to the vendor, Libraesva ESG is used […]
Microsoft fixes Exchange Online outage affecting users worldwide
Microsoft says that it has mitigated an Exchange Online outage affecting customers worldwide, which blocked their access to emails and calendars. “We’re investigating an issue affecting a portion of infrastructure in North America, where users may be unable to access their mailbox via any Exchange Online connection method,” the company said on Thursday morning. According to user reports on DownDetector, the […]
Microsoft: Anti-spam bug blocks links in Exchange Online, Teams
Microsoft is working to resolve a known issue that causes an anti-spam service to mistakenly block Exchange Online and Microsoft Teams users from opening URLs and quarantine some of their emails. In a service alert seen by GeekFeed, the company stated that the issue is caused by the anti-spam engine incorrectly tagging URLs contained within other URLs […]
Microsoft working on fix for ongoing Outlook email issues
Microsoft is working to resolve an Exchange Online issue causing email access problems for Outlook mobile users who use Hybrid Modern Authentication (HMA). HMA is a Microsoft Exchange Server feature that allows users to access on-premises mailboxes using authorization tokens from the cloud. Tracked under EX1137017 in the Microsoft 365 Admin Center, this known issue is caused by a recent […]
Pennsylvania attorney general’s email, site down after cyberattack
The Office of the Pennsylvania Attorney General has announced that a recent cyberattack has taken down its systems, including landline phone lines and email accounts. As Attorney General Dave Sunday revealed on social media on Monday, the office staff is currently working to restore affected services and investigate the incident with the help of law enforcement […]
Attackers exploit link-wrapping services to steal Microsoft 365 logins
A threat actor has been abusing link wrapping services from reputed technology companies to mask malicious links leading to Microsoft 365 phishing pages that collect login credentials. The attacker exploited the URL security feature from cybersecurity company Proofpoint and cloud communications firm Intermedia in campaigns from June through July. Some email security services include a […]
Post SMTP plugin flaw exposes 200K WordPress sites to hijacking attacks
More than 200,000 WordPress websites are using a vulnerable version of the Post SMTP plugin that allows hackers to take control of the administrator account. Post SMTP is a popular email delivery plugin for WordPress that counts more than 400,000 active installations. It’s marketed as a replacement of the default ‘wp_mail()’ function that is more […]
UK ties GRU to stealthy Microsoft 365 credential-stealing malware
The UK National Cyber Security Centre (NCSC) has formally attributed ‘Authentic Antics’ espionage malware attacks to APT28 (Fancy Bear), a threat actor already linked to Russia’s military intelligence service (GRU). The NCSC revealed in a detailed technical analysis of the Authentic Antics malware dated May 6th that it is stealing credentials and OAuth 2.0 tokens that […]
Google Gemini flaw hijacks email summaries for phishing
Google Gemini for Workspace can be exploited to generate email summaries that appear legitimate but include malicious instructions or warnings that direct users to phishing sites without using attachments or direct links. Such an attack leverages indirect prompt injections that are hidden inside an email and obeyed by Gemini when generating the message summary. Despite […]
Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy
Let’s Encrypt has announced it will no longer notify users about imminent certificate expirations via email due to high costs, privacy concerns, and unnecessary complexities. The decision to end the expiration notification email service was implemented as of June 4, 2025, but Let’s Encrypt has now communicated it via a blog post to raise awareness […]