Cybersecurity incidents this week include Google completing notifications for a Salesforce breach linked to ShinyHunters, and the discovery of Charon ransomware targeting the Middle East public and aviation sectors with APT-style tactics. Researchers exposed new 2TETRA:2BURST flaws in critical TETRA radio systems, while a WinRAR zero-day was exploited by Paper Werewolf and RomCom groups. The GreedyBear campaign stole over $1 million via malicious browser extensions, alongside an Ethereum trading bot scam using AI-generated YouTube videos to drain wallets of nearly $900,000. Let’s dissect each news in brief!
In today’s digital landscape, email security is more critical than ever. Cybercriminals frequently exploit email systems through spoofing and phishing, making it essential for organizations to adopt robust authentication methods. DomainKeys Identified Mail (DKIM) is one of the core email authentication protocols that helps verify a sender’s identity and ensures that messages are not altered in transit. Implementing DKIM involves publishing a TXT record in your domain’s DNS, which serves as a digital signature for outgoing emails.
How do third-party marketing agencies send emails on behalf of clients while staying
by DuoCircle
It is a common practice for businesses to delegate marketing tasks to third-party agencies. Working with these marketing agencies brings in added benefits such as specialisation in particular niches and cost-effectiveness. These agencies need to take extra care to ensure their emails don’t end up in the spam folder or get rejected.
DMARC policy transition strategies for global banks: Moving to quarantine and reject safely
by DuoCircle
DMARC has now become a non-negotiable for every organization that sends bulk emails on a daily basis. It is even more critical for banks, where the stakes are so high that it’s not merely about money, but also sensitive data of their customers, regulatory compliance, and the integrity of their brand.
Recent cybersecurity incidents underscore growing threats everywhere in healthcare, cloud services, and mobile platforms. A ransomware attack compromised over 113,500 patient records at a cancer centre; meanwhile, critical flaws in AI servers and enterprise security systems exposed risks of credential stealing and remote code execution. Alongside, fake VPN apps on official stores tricked users into fraudulent subscriptions, and a cloud container vulnerability allowed malicious actors to avoid isolation controls. These cases point to the need for prompt patching, stricter access controls, and user vigilance against growing cyber threats.
Sometimes your email just doesn’t reach its recipient. You’ve done everything right— crafted the perfect message, sent it to the correct address, and even authenticated your domain with email authentication protocols. Yet, it gets flagged or doesn’t even land in the receiver’s mailbox.
SPF macros can be best described as placeholders that are used within SPF records. They intend to make the SPF record more flexible and intelligent. This way, you don’t have to hardcode every detail; you can use macros like %{i}, %{d}, and %{h} to allow SPF records to adapt during a live email authentication check.
Using the DMARC reject policy for non email sending domains: A guide
by DuoCircle
You might think that only your active domain (the one that you use to send emails) is vulnerable to spoofing and phishing attacks. But the truth is, there is more than one way that attackers use to intercept your systems, and often they are the ones you least expect. That’s the reality of email-based attacks; they not only exploit your primary, active domain, but also make backdoor entries through non-email-sending domains and parked domains. The reason cybercriminals go after the parked domains, instead of active ones, is that the former are often overlooked. It is easier to think that the attackers might not even pay heed to the inactive ones, but they know that these dormant ones are low-hanging fruit.
From arrests slowing down major hacker groups to new threats quickly taking their place, this week has been full of movement in the cybersecurity space. Threat actors are shifting tactics, launching new ransomware groups, targeting telecoms, and using fake mobile apps to steal and extort. Even major airlines and telecom giants like Aeroflot and Orange haven’t been spared. Here’s a roundup of the key cyber incidents and developments of the week.
In an age where our inboxes are overflowing with messages, ensuring that the emails you send actually reach their intended recipients can feel like a daunting task. Have you ever wondered why some of your important emails end up lost in the void of the spam folder or, worse, get rejected outright? This is often due to a little-known defense mechanism called the Sender Policy Framework (SPF).
What is a DMARC analyzer tool, and how to use it in the best way?
by DuoCircle
If you are planning to secure your business email communications by deploying email authentication policies such as SPF, DKIM, and DMARC, know that this is just the tip of the iceberg. In order to ensure fool-proof security for your email landscape, you must use a DMARC analyzer tool. With its help, you get to evaluate DMARC reports closely, thereby bolstering the email system.
In a world where email communication is essential for businesses, it’s alarming how many organizations overlook the basics of email security. Have you ever received an email from a seemingly trustworthy source, only to later discover it was a clever spoof? This common issue highlights the importance of establishing a solid foundation for your email systems.
The 32KB limit in DMARC reports: What it means and why it matters
by DuoCircle
Has it ever happened to you that you sent around 500,000 emails a day but only received DMARC reports for half of them? That too, without any alerts or warnings?
In today’s tech-driven world, the threat of zero-day attacks looms larger than ever. These types of cyber threats catch many organizations off guard, often exploiting vulnerabilities before anyone knows they exist. Imagine a thief sneaking into your home through a door you didn’t even know was unlocked—that’s the reality for many businesses facing these hidden dangers.
From malware sneaking in through fake game cheats to ransomware hitting hospitals, this week’s cyber stories are anything but quiet. Lumma’s back in action, Coyote’s abusing Windows in clever ways, and even Dior couldn’t dodge a data breach. If you use the internet (and who doesn’t?), here’s what you should be paying attention to.
How to fix the “DMARC policy not enabled” error- Everything you need to know!
by DuoCircle
If you have stumbled upon this blog, then it is highly likely that you are dealing with the issue of the “DMARC policy not enabled” error. You get this message when your domain has a DMARC record, but there is no valid policy to define it. A DMARC record makes no sense without a DMARC policy. It’s like having a front desk guard in your building who smiles and nods, even when strangers walk in. Hence, the moment this message appears, you must understand that your email system is no longer protected against phishing and spoofing attacks.
In a world where emails are the primary means of communication, the risk of phishing attacks lurks just one click away. Whether it’s a seemingly innocuous message from a “trusted” source or a polished-looking request for sensitive information, these scams can catch anyone off guard. The reality is that identifying these threats isn’t just about having the latest technology; it also relies heavily on being informed and proactive.
How are Gmail and Outlook policies raising the bar for DMARC adoption?
by DuoCircle
There was a time when email security was a mere IT concern; it was a good-to-have but wasn’t really a priority. We are referring to a time when email-based threats were not as prevalent or dangerous as they are today. It might sound like we are talking about a distant past here, but that’s the reality. You can no longer put email security on the back burner, thinking that your emails will protect themselves or that cybercriminals will never reach you.
When you check your email, how often do you stop to think about the risks lurking behind seemingly innocent messages? Spear phishing attacks—targeted attempts designed to trick individuals into revealing sensitive information—are becoming more common and far more sophisticated. As cybercriminals zero in on their targets with personalized tactics, it’s essential for everyone, especially employees, to recognize these threats before they strike.
Attackers are getting creative again, using copy-paste tricks to drop malware, hiding Android threats inside broken app files, and setting up entire fake startups to steal crypto. Developers are being targeted through tampered npm packages, while a newly exposed Wing FTP flaw is already under active abuse. With techniques evolving fast, staying patched and alert is more important than ever. Read on to stay a step ahead!
![Charon Ransomware Threatens, Data Breach Notifications, TETRA Security Flaws – Cybersecurity News [August 11, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/spf-record-tester-5670.jpg)
![Patient Data Breach, Hackers Exploit AI, Code Execution Bug – Cybersecurity News [August 04, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/dmarc-generator-8901.jpg)
![Scattered Spider Imitators, New RaaS Emerges, Fake Apps Threaten – Cybersecurity News [July 28, 2025]](https://www.duocircle.com/wp-content/uploads/2025/08/sender-policy-framework-7840.jpg)
![Lumma Infostealer Returns, Coyote Malware Exploits, Interlock Ransomware Alert – Cybersecurity News [July 21, 2025]](https://www.duocircle.com/wp-content/uploads/2025/07/spf-record-generator-3672.jpg)
![FileFix Ransomware Threat, Konfety Malware Evasion, Crypto Users Targeted – Cybersecurity News [July 14, 2025]](https://www.duocircle.com/wp-content/uploads/2025/07/spf-record-tester-2341.jpg)