Email security

Sixty thousand emails from U.S. State Department accounts were noted by a staffer working for Sen. Eric Schmitt, R-Mo., to have been exfiltrated by Chinese threat actors during the widespread compromise of Microsoft email accounts that commenced in May, according to Reuters.

Threat actors have leveraged the ZeroFont phishing attack technique, which initially involved the insertion of hidden characters or words in emails to evade security detection systems, to modify message previews as shown on Microsoft Outlook and other email clients, BleepingComputer reports.

BleepingComputer reports that individuals who have filed claims against bankrupt cryptocurrency lender Celsius have been subjected to phishing attacks involving the impersonation of the lender's claims agent, Stretto.

Iranian government-linked APT Charming Kitten deployed a new backdoor malware in attacks against a broad range of organizations, mainly in Israel.

Threat actors have been deploying new phishing attacks exploiting Google Looker Studio in a bid to evade security defenses, according to SecurityWeek.

While only 224 users were affected, security pros raised eyebrows because the victims could have been prominent journalists and editors.

Two separate phishing campaigns have been distributing the new variants of the SideTwist and AgentTesla backdoors, according to The Hacker News.

The compromise of a Microsoft engineer’s account was just one of several factors that allowed threat group Storm-0558 to steal a cryptographic signing key and access U.S. government accounts.