Daily DMARC News
  • Home
  • Posts
  • Excello Mail ↗
  • EN
  • ES
  • PT

All Posts

Every post we’ve published — newest first.

News on this site is aggregated and summarized automatically from public industry sources. Occasional inaccuracies are possible and always unintentional — if you spot one, we’ll gladly correct or remove it. Report an issue.

  • July 15, 2026 5 min read

    CVE-2026-45185 'Dead.Letter': One Stray Byte Gives an Attacker Root on Your Mail Server

    Researchers at XBOW disclosed a critical vulnerability in Exim, nicknamed Dead.Letter and tracked as CVE-2026-45185, that lets an unauthenticated attacker execute arbitrary code on a mail server by sending a single stray …

  • July 14, 2026 5 min read

    One Phone Call, One Rogue Passkey: How O-UNC-066 Hijacks Microsoft 365 Accounts Without Sending a Single Email

    Okta Threat Intelligence published research on July 6, 2026 into a threat actor it tracks as O-UNC-066, and the campaign is notable for what it leaves out rather than what it includes. There is no phishing email, no …

  • July 13, 2026 6 min read

    One Opened Email, Two Year-Old Roundcube Bugs: How UNK_MassTraction Backdoored University Mail Servers

    Proofpoint has spent since May 2026 tracking a threat cluster it calls UNK_MassTraction, and the campaign is a useful reminder that some of the most damaging email-borne attacks never touch anything DMARC was built to …

  • July 12, 2026 5 min read

    Ghostwriter's Gmail Campaign Steals Passwords and 2FA Codes in Real Time. DMARC Was Never in Its Path.

    CERT Polska has spent the past several months tracking an intensified phishing campaign from UNC1151, the Belarus-linked threat group also known as Ghostwriter. Since March 2026, the group has shifted its long-running …

  • July 11, 2026 5 min read

    DEBULL and ARToken: Device-Code Phishing Kits That Never Touch a Fake Login Page

    Two phishing-as-a-service platforms surfaced in the first week of July 2026, and neither one builds a fake login page. DEBULL, documented by researchers at ZeroBEC, and ARToken, an affiliate panel of the EvilTokens …

  • July 10, 2026 5 min read

    CVE-2026-12472: The WordPress Flaw That Makes Phishing Pass Your Own DMARC Check

    A newly disclosed vulnerability in Kirki, a WordPress customizer framework installed on more than 500,000 sites, lets an unauthenticated attacker send phishing email through a site’s own outbound mail server. No …

  • July 9, 2026 5 min read

    Phantom Squatting: When AI Chatbots Recommend Your Brand's Fake Domain

    Researchers at Palo Alto Networks’ Unit 42 have documented an attack pattern that skips the inbox entirely. Large language models, it turns out, are remarkably consistent about inventing web addresses that sound …

  • July 8, 2026 5 min read

    Trusted by Design: How Stolen AWS Keys Turn Amazon SES Into an Authenticated Phishing Weapon

    Two independent research teams have now mapped the same attack pipeline from different angles. Kaspersky’s Securelist group documented a sharp rise in phishing and business email compromise campaigns abusing Amazon …

  • July 7, 2026 4 min read

    Seven Fake Domains, One RedLine Trail: The Maritime BEC Campaign That Shows What DMARC Cannot See

    A single command-and-control address tied to the RedLine infostealer, flagged on a non-standard high port, turned out to be the loose thread that unraveled an entire phishing operation. Researchers pivoting off that one …

  • July 6, 2026 4 min read

    97% of India's Fortune 100 Have a DMARC Record. 41% Still Have Not Enforced It.

    Proofpoint published new research this week on the state of email authentication among India’s Fortune 100 companies, and the headline number cuts against the usual narrative. Adoption is not the problem. …

  • July 5, 2026 4 min read

    A Spoofed Legal Email, a Fake Mimecast Folder, and CrownX Ransomware: Inside the Avalon Framework

    Researchers at Blackpoint Cyber’s Adversary Pursuit Group have published details on a previously undocumented malware framework they are calling Avalon, a modular toolkit that bundles credential theft, lateral …

  • July 4, 2026 5 min read

    Apple's Hide My Email Has Been Broken for a Year: What Address Privacy Failures Teach Us About Domain Security

    Apple’s Hide My Email is one of the more quietly popular privacy features in iCloud+. Type your Apple ID into a sign-up form, tap Hide My Email instead, and Apple generates a random alias, something like …

  • ««
  • «
  • 1
  • 2
  • 3
  • 4
  • 5
  • »
  • »»
Daily DMARC News

Daily news, analysis, and guidance on DMARC and email security.

Explore

  • Home
  • All posts
  • RSS feed

From the team

  • Excello Mail ↗
  • About
  • Contact
© 2026 Daily DMARC News. All rights reserved. From the team at Excello Mail.