hachyderm.io is one of the many independent Mastodon servers you can use to participate in the fediverse.
Hachyderm is a safe space, LGBTQIA+ and BLM, primarily comprised of tech industry professionals world wide. Note that many non-user account types have restrictions - please see our About page.

#emailsecurity


Ever had an important email suddenly vanish into spam? Microsoft Exchange Online's AI mix-up—mistakenly flagging Gmail messages as spam—highlights the tricky balance between tight security and keeping our inboxes hassle-free. Curious how ML is shaping our email future?

thedefendopsdiaries.com/naviga

#machinelearning
#emailsecurity
#cyberthreats
#microsoft
#spamdetection

Did you know that if a spammer uses your email address as the FROM: address, which is easy to do, all the bounce messages will go to your email address? If the spammer really hates you, they will send millions of emails with your FROM: address and you will get a million bounce messages.

Can you stop this or prevent this? No

Why would a mail provider send you a bounce message, knowing you're innocent? Because that's how someone wrote the protocol back then, and nobody changes it or does it differently because ... reasons.

Does the spammer get a bounce message? Nope, not one.

Is the owner of the SMTP sending account whose credentials were stolen notified about bounces so they can stop the spam? Nope.

Just millions of emails sent every day to poor schlemiels who have no idea why they are getting them and who can't do anything about them.

The more I learn about the email protocols, the more I realize how terrible the design is.

Okay friends, so I’m in the middle of creating a new brand, you may have guessed it, CybersecKyle. I’m going to be building this into Cybersecurity resources, tips, and overall online safety for people.

This will include: videos, articles, etc. Still coming up with ideas. Videos will be short form at first. Insta reels, TikTok, YT shorts, etc.

I’m open to suggestions!

Be on the lookout for more news. I’ll be posting the social accts once I have them ready.

⚠️ Phishing threat: Attackers exploit Google Sites + DKIM to bypass trust filters 🕵️‍♂️🔗

This new phishing campaign is dangerously convincing:
📧 Spoofed emails come from no-reply@google.com
🔗 Links lead to fake support pages hosted on Google Sites
🔐 DKIM passes — making them look authentic
🎯 Goal: steal user credentials in a Google-like login flow

🛡️ Security teams should:
🔍 Train users to inspect links & headers
🔐 Enforce MFA
🚫 Flag suspicious messages — even if they appear “from Google”

#CyberSecurity #Phishing #EmailSecurity #DKIM #GoogleSites #security #privacy #cloud #infosec
thehackernews.com/2025/04/phis

The Hacker News: Phishers Exploit Google Sites and DKIM Replay to Send Signed Emails, Steal Credentials. Phishers abused Google Sites and DKIM replay to send valid-signed emails, bypassing filters and stealing credentials.

⚠️ Phishers have found a clever way to spoof Google — and their emails pass all security checks.

A new DKIM replay phishing attack abuses Google’s own OAuth infrastructure to send fake messages that look 100% legitimate, including passing DKIM authentication.

What happened:
- A phishing email was sent from “no-reply@google.com”
- It appeared in the user’s inbox alongside real Google security alerts
- The message linked to a fake support portal hosted on sites[dot]google[dot]com — a Google-owned domain
- The attacker used Google OAuth to trigger a real security alert to their inbox, then forwarded it to victims

Why this matters:
- DKIM only verifies the headers, not the envelope — allowing this spoof to work
- The phishing site was nearly indistinguishable from Google’s actual login portal
- Because the message was signed by Google and hosted on a Google domain, it bypassed most users’ suspicions
- Similar tricks have been used with PayPal and other platforms, raising broader concerns

Google has since acknowledged the issue and is working on a fix. But this attack is a reminder:

Even the most secure-looking emails can be fraudulent.
Even Google-signed emails can be weaponized.

🛡️ At @Efani, we advocate for layered defense — because no one layer is ever enough.

Ever wonder what email servers are doing behind the scenes? At LearnDMARC.com, we turned the confusing world of email authentication into a visual story.

📡 Watch servers talk it out.
🎯 Take the DMARC quiz.
📬 Paste email headers.

Perfect for learners, IT pros, and anyone who’s ever yelled “WHY is SPF failing?!” Best of all? It’s free, and your data isn’t stored or used for anything beyond creating the visualization.

Scammers set up domains with instructions to ignore email security failures on their emails via a DMARC record and Google et al. deliver their obvious dangerous spam to you. I thought, "how stupid" to create a security system so easily disabled.

But, I realize it was NEVER designed to protect YOU from spam. It has ONE purpose. Protect corporations from being spoofed. Period. They set their DMARC to reject or quarantine emails from their domains that fail security. It works perfectly for this and ONLY this. They are protected. You, not so much, but you are not their concern.

It could have been easily expanded to kill spam by not allowing the checks to be ignored, but why should they? They are protected. Common attitude today by too many people.

Am I wrong?
#CyberSecurity #EmailSecurity
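As an added example (not code from any of the posts above, nor from Google, Efani or the linked article), a minimal DMARC disposition check in Python that models the two situations described: an intact DKIM-signed alert replayed from another server, whose d= domain still aligns with the From: domain, and a scammer's own domain published with p=none, so that failing checks carry no consequence. The domains, DMARC records and SPF/DKIM results are constructed, and the organisational-domain logic is a simplification (no public suffix list lookup).

```python
"""Minimal DMARC disposition check (constructed example, not a project's code).
Relaxed/strict alignment and the p= fallback follow RFC 7489 in outline."""

def parse_dmarc(record: str) -> dict:
    """Parse a DMARC TXT record's tag=value pairs, filling in RFC defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("adkim", "r")   # relaxed alignment unless stated
    tags.setdefault("aspf", "r")
    tags.setdefault("p", "none")    # no requested action unless stated
    return tags

def org_domain(domain: str) -> str:
    # Simplification: organisational domain = last two labels (no PSL lookup).
    return ".".join(domain.lower().rsplit(".", 2)[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict mode needs an exact match; relaxed accepts the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_pass, spf_domain,
                      dkim_pass, dkim_domain) -> str:
    """Return 'pass', or the record's requested action for a failing message."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags["adkim"])
    return "pass" if (spf_ok or dkim_ok) else tags["p"]

# Constructed cases (domains, records and auth results are made up).
REPLAYED_ALERT = dict(record="v=DMARC1; p=reject", from_domain="google.com",
                      spf_pass=False, spf_domain="relay.attacker.example",
                      dkim_pass=True, dkim_domain="google.com")
SCAMMER_DOMAIN = dict(record="v=DMARC1; p=none", from_domain="scam.example",
                      spf_pass=False, spf_domain="scam.example",
                      dkim_pass=False, dkim_domain="")

if __name__ == "__main__":
    print("replayed signed alert:", dmarc_disposition(**REPLAYED_ALERT))  # pass
    print("scammer with p=none:  ", dmarc_disposition(**SCAMMER_DOMAIN))  # none
```

The replayed message passes because DMARC asks only whether an aligned SPF or DKIM identifier passed, not which server delivered it; the scammer's message fails both checks but the domain's own p=none asks the receiver to take no action.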


Is your organization truly encrypting email or just assuming it's secure?

Despite rising threats and regulatory pressure, encrypted email adoption remains low in many industries. Most sensitive messages are still exposed after delivery—leaving you open to breaches, insider threats, and compliance risks. Principal Consultant Ben Kast dives into the technical details in his new blog, as well as advice on the pros and cons of different email encryption options.

Check it out: lmgsecurity.com/securing-the-e

LMG Security: Securing the Email Flow: Implementing Encrypted Email in Microsoft 365, Exchange, and Onward. Think TLS protects your email? Think again. Most messages are still exposed. We share the options, pros & cons, and implementation tips for encrypted email.

📚 More security for digital education: how oncampus ensures reliable email communication with @mailbox_org

When oncampus struggled with email delivery problems in 2021, one thing became clear: a secure, reliable solution was needed.

With mailbox.org, the e-learning provider found a GDPR-compliant partner that solved its spam problems and guarantees data protection in German data centers. The full success story here: mailbox.org/de/post/e-mail-sic