Email security

Microsoft recently detailed on its security blog an attack where malicious OAuth applications were used to compromise cloud tenants to gain control of Exchange Online settings to eventually spread spam.

BleepingComputer reports that American Airlines has confirmed that it was breached after being targeted by a phishing attack leveraging an employee's compromised Microsoft 365 account.

BleepingComputer reports that GitHub users are being targeted in an ongoing phishing campaign spoofing the CircleCI continuous integration and delivery platform, which commenced last week.

Focus on MFA, tabletop exercises, risk assessments and above all – make sure the company makes security a top priority in next year’s budget.

Russian advanced persistent threat group Sandworm-linked threat actors, tracked as UAC-0113, has been impersonating Ukrainian telecommunications providers EuroTransTelecom and Datagrooup to distribute the Warzone RAT and Colibri loader, The Hacker News reports.

VentureBeat reports that cybercriminals have been increasingly exploiting the death of Queen Elizabeth II in new scams.

U.S. government contractors are being targeted by an ongoing phishing campaign that once used PDF files pertaining to the bidding process for Department of Labor projects but has since expanded to impersonate the Department of Commerce and the Department of Transportation, according to BleepingComputer.

Security researchers say email breach at large airline demonstrates that users are still a primary attack vector for threat actors.