Fosstodon

ResearchBuzz: FirehoseBleeping Computer: Phishers abuse Google OAuth to spoof Google in DKIM replay attack. “In a rather clever attack, hackers leveraged a weakness that allowed them to send a fake email that seemed delivered from Google’s systems, passing all verifications but pointing to a fraudulent page that collected logins. The attacker leveraged Google’s infrastructure to trick recipients into accessing […]<a href="https://rbfirehose.com/2025/04/21/bleeping-computer-phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/" class="" rel="nofollow noopener" target="_blank">https://rbfirehose.com/2025/04/21/bleeping-computer-phishers-abuse-google-oauth-to-spoof-google-in-dkim-replay-attack/</a>

Techy Geek :verified:A critical unpatched bug allows anyone to impersonate Microsoft corporate email accounts, enabling phishing attacks. The researcher who discovered it reported it to Microsoft, but they couldn't reproduce the issue. It remains unaddressed, posing risks of exploitation by threat actors. 😬<a href="https://infosec.exchange/tags/MicrosoftBug" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftBug</a> <a href="https://infosec.exchange/tags/EmailSpoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmailSpoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a><a href="https://securityaffairs.com/164675/hacking/expert-warns-of-a-spoofing-bug.html" rel="nofollow noopener" translate="no" target="_blank">https://securityaffairs.com/164675/hacking/expert-warns-of-a-spoofing-bug.html</a>

Darren Di LietoThis website is terrific! It helped me troubleshoot an email issue that had been plaguing me for months. I wish I'd run across the site sooner. It's an integral part of my toolbox now.<a href="https://www.learndmarc.com" rel="nofollow noopener" translate="no" target="_blank">https://www.learndmarc.com</a><a href="https://illo.social/tags/DMARC" class="mention hashtag" rel="nofollow noopener" target="_blank">#DMARC</a> <a href="https://illo.social/tags/EmailSpoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmailSpoofing</a>

🛡 H3lium@infosec.exchange/:~# :blinking_cursor:"🚨 SMTP Smuggling Unveils New Email Spoofing Threats 🚨"Research by Timo Longin and SEC Consult has uncovered a new vulnerability in the SMTP (Simple Mail Transfer Protocol) known as SMTP Smuggling. This method exploits differences in protocol interpretation, enabling attackers to send spoofed emails from any domain, bypassing SPF checks. Notably, vulnerabilities were identified in Microsoft and GMX, which were promptly addressed. However, SEC Consult advises companies using Cisco Secure Email to manually update their vulnerable default configurations. It's a game-changer in email security, affecting millions of domains and SMTP servers, including major players like Microsoft and GMX. Companies using Cisco Secure Email need urgent updates to their default configurations. Stay vigilant, folks! 🔍💻<a href="https://infosec.exchange/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#SMTP</a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://infosec.exchange/tags/EmailSpoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmailSpoofing</a> <a href="https://infosec.exchange/tags/Phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#Phishing</a> <a href="https://infosec.exchange/tags/SECConsult" class="mention hashtag" rel="nofollow noopener" target="_blank">#SECConsult</a> <a href="https://infosec.exchange/tags/TimoLongin" class="mention hashtag" rel="nofollow noopener" target="_blank">#TimoLongin</a> <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a> <a href="https://infosec.exchange/tags/GMX" class="mention hashtag" rel="nofollow noopener" target="_blank">#GMX</a> <a href="https://infosec.exchange/tags/CiscoSecureEmail" class="mention hashtag" rel="nofollow noopener" target="_blank">#CiscoSecureEmail</a><a href="https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/" rel="nofollow noopener" target="_blank">Source</a>

Chris MeyerEmail spoofing vulnerabilities based on forwarding, from <a href="https://mastodon.social/tags/UCSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#UCSD</a> researchers.<a href="https://today.ucsd.edu/story/forwarding_based_spoofing" rel="nofollow noopener" translate="no" target="_blank">https://today.ucsd.edu/story/forwarding_based_spoofing</a><a href="https://mastodon.social/tags/emailspoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailspoofing</a>

Bishop FoxIs your <a href="https://infosec.exchange/tags/domain" class="mention hashtag" rel="nofollow noopener" target="_blank">#domain</a> susceptible to <a href="https://infosec.exchange/tags/emailspoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailspoofing</a>? Find out using the tool Spoofy! Read about the origins of this tool and how it checks whether a list of domains (in bulk) can be spoofed based on <a href="https://infosec.exchange/tags/SPF" class="mention hashtag" rel="nofollow noopener" target="_blank">#SPF</a> & <a href="https://infosec.exchange/tags/DMARC" class="mention hashtag" rel="nofollow noopener" target="_blank">#DMARC</a> records. <a href="https://bfx.social/3wOngXu" rel="nofollow noopener" target="_blank">https://bfx.social/3wOngXu</a>

Bishop FoxIn preparation for today's <a href="https://infosec.exchange/tags/ToolTalk" class="mention hashtag" rel="nofollow noopener" target="_blank">#ToolTalk</a>, check out this write-up on the <a href="https://infosec.exchange/tags/emailspoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailspoofing</a> tool Spoofy! <a href="https://bfx.social/3wOngXu" rel="nofollow noopener" target="_blank">https://bfx.social/3wOngXu</a>

OPSEC Cybersecurity News LiveI clicked what looked like an Amazon email, but it (maybe) was from an Amazon affiliate. Ended up at Amazon.com anyway. Can I safely investigate? <a href="https://security.stackexchange.com/questions/268037/i-clicked-what-looked-like-an-amazon-email-but-it-maybe-was-from-an-amazon-af" rel="nofollow noopener" target="_blank">https://security.stackexchange.com/questions/268037/i-clicked-what-looked-like-an-amazon-email-but-it-maybe-was-from-an-amazon-af</a> <a href="https://aspiechattr.me/tags/emailspoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailspoofing</a> <a href="https://aspiechattr.me/tags/phishing" class="mention hashtag" rel="nofollow noopener" target="_blank">#phishing</a> <a href="https://aspiechattr.me/tags/malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#malware</a> <a href="https://aspiechattr.me/tags/virus" class="mention hashtag" rel="nofollow noopener" target="_blank">#virus</a> <a href="https://aspiechattr.me/tags/xss" class="mention hashtag" rel="nofollow noopener" target="_blank">#xss</a>

OPSEC Cybersecurity News Live"Undelivered Mail" I never sent (after registration on website) <a href="https://security.stackexchange.com/questions/267390/undelivered-mail-i-never-sent-after-registration-on-website" rel="nofollow noopener" target="_blank">https://security.stackexchange.com/questions/267390/undelivered-mail-i-never-sent-after-registration-on-website</a> <a href="https://aspiechattr.me/tags/emailspoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailspoofing</a> <a href="https://aspiechattr.me/tags/email" class="mention hashtag" rel="nofollow noopener" target="_blank">#email</a> <a href="https://aspiechattr.me/tags/dmarc" class="mention hashtag" rel="nofollow noopener" target="_blank">#dmarc</a>

ITSEC NewsAirline DMARC Policies Lag, Opening Flyers to Email Fraud - Up to 61 percent out of the IATA (International Air Transport Association) airline members do not ... <a href="https://threatpost.com/airline-dmarc-policies-lag-opening-flyers-to-email-fraud/158449/" rel="nofollow noopener" target="_blank">https://threatpost.com/airline-dmarc-policies-lag-opening-flyers-to-email-fraud/158449/</a> <a href="https://schleuss.online/tags/domain" class="mention hashtag" rel="nofollow noopener" target="_blank">#domain</a>-basedmessageauthentication <a href="https://schleuss.online/tags/reporting" class="mention hashtag" rel="nofollow noopener" target="_blank">#reporting</a>&conformance <a href="https://schleuss.online/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerabilities</a> <a href="https://schleuss.online/tags/emailspoofing" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailspoofing</a> <a href="https://schleuss.online/tags/airtransport" class="mention hashtag" rel="nofollow noopener" target="_blank">#airtransport</a> <a href="https://schleuss.online/tags/websecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#websecurity</a> <a href="https://schleuss.online/tags/emailfraud" class="mention hashtag" rel="nofollow noopener" target="_blank">#emailfraud</a> <a href="https://schleuss.online/tags/airlines" class="mention hashtag" rel="nofollow noopener" target="_blank">#airlines</a> <a href="https://schleuss.online/tags/dmarc" class="mention hashtag" rel="nofollow noopener" target="_blank">#dmarc</a> <a href="https://schleuss.online/tags/iata" class="mention hashtag" rel="nofollow noopener" target="_blank">#iata</a>

Recent searches

Search options

Administered by:

Server stats:

#emailspoofing