Category: Email Security

PCI SSC Mandates DMARC by March 2025 | Strengthening Payment Card Security

SECITHUB
Cybersecurity-themed image with a red 'Spam' warning and email security icons on a digital interface

DMARC Becomes a PCI DSS Requirement In February 2025, the Payment Card Industry Security Standards Council (PCI SSC) announced that DMARC (Domain-based Message Authentication, Reporting & Conformance) will become a mandatory requirement under PCI DSS v4.0.1, effective March 31, 2025. This mandate underscores the critical role of email authentication in protecting payment card data from phishing attacks and fraud. Why DMARC Is Critical for Payment Security Phishing attacks remain a top threat to financial organizations handling payment card data. Cybercriminals frequently impersonate legitimate entities, tricking recipients into disclosing sensitive data,…

Read More

New Phishing Campaigns Exploit Fake Voicemail Messages to Target Office 365 Users

SECITHUB
Smartphone showing a fake voicemail warning notification.

Cybercriminals are employing sophisticated phishing tactics by sending fake voicemail notifications to deceive Microsoft Office 365 users into revealing their login credentials. This method has been observed across various sectors, including military, healthcare, and manufacturing. Attackers dispatch emails that mimic legitimate voicemail notifications, often including an HTML attachment disguised as an audio file. When opened, this attachment redirects the recipient to a counterfeit Microsoft login page designed to harvest their Office 365 credentials. Targeted Industries Recent campaigns have specifically targeted U.S. organizations in sectors such as military, security software development,…

Read More

Malicious npm Packages Exploit Gmail SMTP to Steal Solana Wallet Keys

SECITHUB
Hacker in a hoodie surrounded by blockchain symbols.

Cybersecurity researchers have uncovered a series of malicious npm packages designed to exfiltrate Solana private keys by exploiting Gmail’s SMTP service. These packages, including @async-mutex/mutex, dexscreener, solana-transaction-toolkit, and solana-stable-web-huks, masquerade as legitimate tools but contain hidden scripts that intercept and transmit private keys to attacker-controlled Gmail accounts. Attack Methodology The attackers employ typosquatting techniques, creating packages with names similar to popular libraries to deceive developers into installing them. Once integrated, these packages capture private keys during wallet interactions and use Gmail’s SMTP server to send the stolen data to the…

Read More