Email security news, distilled.

Phishing, BEC, DMARC and inbox threats — pulled every two hours from 6 trusted sources, filtered down to what matters.

5 articles in Phishing
The Register

EvilTokens device-code phishing kit totally more evil than we all thought

EvilTokens device-code phishing kit bypasses MFA and authenticates to Microsoft 365 as victims. Cisco Talos revealed new evasion techniques and capabilities, highlighting the threat's sophistication to email security professionals managing organizational defense.

AI summary · generated with Claude
PhishingHighphishing
Read original
Bleeping Computer

Webinar: Why traditional email security is no longer enough

A webinar discussing how modern phishing, BEC, and account takeover attacks bypass traditional email security by exploiting trusted identities and workflows. The presentation covers behavioral AI solutions for automated detection and response.

AI summary · generated with Claude
PhishingphishingBusiness Email Compromiseemail securityemail compromise
Read original
ISC SANS

Why Ask Credentials If There Are Secret Codes?, (Wed, Jul 1st)

A phishing campaign targeting MetaMask cryptocurrency wallet users was detected. The attack uses alternative authentication methods instead of traditional credential theft, demonstrating evolving phishing tactics that security professionals should recognize.

AI summary · generated with Claude
PhishingMediumphishing
Read original
HackRead

New EvilTokens Attack Exposes Browser Visibility Gap in Enterprise SOCs

EvilTokens is a phishing attack that hides account takeover indicators until browser execution, leaving SOCs with limited visibility. Enterprise teams need enhanced monitoring to validate threats faster and reduce account compromise risk.

AI summary · generated with Claude
PhishingHighphishing
Read original
The Register

Health board apologizes for phishing staff with with bogus vacation day

A Canadian health board conducted a phishing awareness test on staff using a fake vacation day offer, which sparked backlash for its inappropriate theme. The organization apologized for the social engineering exercise designed to test employee security awareness.

AI summary · generated with Claude
Phishingphishing
Read original