Latest issue
20 avril 2026
Attackers don't need to keep logging in. Once they've cracked an M365 account, they're planting mailbox rules within seconds of first access, and those rules survive password resets. They keep quietly siphoning vendor threads long after the incident has been "closed."
Read the latest issue
Archive
8 issues
20 avril 2026
Attackers don't need to keep logging in. Once they've cracked an M365 account, they're planting mailbox rules within seconds of first access, and those rules survive password resets. They keep quietly siphoning vendor threads long after the incident has been "closed."
Read issue
14 avril 2026
Three separate threat actors ran adversary-in-the-middle campaigns in seven days. State actors, commercial PhaaS operators, and financially motivated criminals. AitM has graduated from sophisticated technique to standard issue. And this week, Microsoft documented what happens when you combine it with AI-generated lures at scale.
Read issue
6 avril 2026
Attackers don't need custom malware when legitimate software does the job. This week's most active campaign delivered trusted remote management tools to 80+ US organizations by hiding them inside fake party invitations. The emails looked like Punchbowl. The links went through HubSpot. The payload was LogMeIn. None of it would look wrong to most security tools.
Read issue
30 mars 2026
Russia's FSB expanded their spear-phishing playbook to include an iOS exploit kit. In the same week, Iran-linked hackers compromised the FBI Director's personal email through a recycled password. Different actors, different targets, same gap: high-value individuals reached through channels that enterprise security doesn't cover.
Read issue
23 mars 2026
Email authentication passed. The phishing still landed. That's the uncomfortable headline from this week. It's about attackers using Microsoft's own infrastructure to send phishing emails that pass every authentication check you have.
Read issue
16 mars 2026
Attackers keep moving credential theft onto infrastructure defenders are reluctant to block. This week that meant a phishing kit built as a React app, hosted on Cloudflare Workers, and exfiltrating passwords through EmailJS. At the same time, the market data is clear on the defender side too: post-delivery cleanup, analyst workload, and identity-layer controls are now where email security programs win or lose.
Read issue
9 mars 2026
Microsoft blocked more than 30 million Tycoon 2FA phishing emails in a single month. This week, law enforcement took the platform down. Competing AitM services are already filling the gap.
Read issue
3 mars 2026
APT28 spent five months beaconing victims through a developer tool nobody blocks. Meanwhile, the Sophos numbers confirm what most practitioners already sense: BEC is accelerating, and identity is still the primary attack surface.
Read issueSubscribe here and stay up to date with what's happening in email security.