Email security

Beyond the inbox: Defending against sophisticated email threats in the era of cloud and AI

Paul WagenseilDecember 12, 2025

Email attack techniques are evolving quickly, and traditional secure gateways can't keep up. Context-aware, AI-powered email monitoring may be the solution.

Phishing

Massive phishing scheme fueled by Mimecast link exploitation

SC StaffDecember 11, 2025

Threat actors have exploited cybersecurity firm Mimecast's secure-link rewriting capability to deploy over 40,000 phishing emails mimicking SharePoint and DocuSign worldwide, Cybernews reports.

(Credit: Postmodern Studio – stock.adobe.com)

Ransomware

DocuSign phishing ranks as top inbox threat, analysis finds

Laura FrenchDecember 9, 2025

DocuSign was the most impersonated brand among phishing emails that bypassed secure email gateways.

Scam fraud security warning crime internet technology phishing online alert digital risk protection threat background with danger message spam cyber concept hacking attack email sms caution symbol

Email security

ToddyCat revamps attack arsenal for email compromise

SC StaffNovember 26, 2025

The Hacker News reports that multiple new tactics have been employed by the advanced persistent threat operation ToddyCat to compromise corporate Outlook emails and Microsoft 365 access tokens.

Email security

Microsoft Entra guest invites harnessed in new phishing campaign

SC StaffNovember 18, 2025

Microsoft Entra B2B tenant invitations have been exploited by threat actors to facilitate a new Telephone-Oriented Attack Delivery phishing campaign, according to Cybernews.

Threat Intelligence

HTML attachment phishing used in new credential theft campaign

SC StaffNovember 12, 2025

This phishing operation embeds malicious JavaScript within HTML attachments disguised as legitimate business documents.

Phishing

Microsoft Outlook, Gmail increasingly targeted in phishing attacks

SC StaffNovember 11, 2025

More than 90% of phishing intrusions between July and September have been aimed at Microsoft Outlook and Gmail inboxes, with threat actors increasingly weaponizing trusted platforms to facilitate compromise, according to GBHackers News.

Fake cans of Campbell's Soup relabeled as 'Acronym Soup' with flavors like 'CNAPP' and 'CSPM.'

Application security

OWASP Global AppSec: AI magic dust, conference coziness and the illusion of managed risk

Paul WagenseilNovember 10, 2025

AI was the constant background hum at the OWASP Global AppSec conference last week, but the scene-stealer was a keynote talk telling us that managing risk is pointless.

Email security

Beyond the inbox: Defending against sophisticated email threats in the era of cloud and AI

Massive phishing scheme fueled by Mimecast link exploitation

DocuSign phishing ranks as top inbox threat, analysis finds

ToddyCat revamps attack arsenal for email compromise

Microsoft Entra guest invites harnessed in new phishing campaign

HTML attachment phishing used in new credential theft campaign

Microsoft Outlook, Gmail increasingly targeted in phishing attacks

OWASP Global AppSec: AI magic dust, conference coziness and the illusion of managed risk

Fast Five

Selected by the SC Media Editorial team every Tuesday.