Researchers accessed the Onliner spambot and found 711 million records, including email addresses, email and password combinations, and SMTP credentials and configuration files.

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Flashpoint warns of a new business email compromise campaign targeting organizations in various industries with the aim of harvesting credentials.

A phishing site seeking Apple credentials and victim payment card information is encrypted with AES, researchers at Ring 0 Labs said.

The results of an academic experiment reveal that recipients of Facebook messages are much more likely to click on suspicious links.

Google announced today new security features in Gmail, including the news that it will enhance early phishing detection in Gmail through dedicated machine learning.

Researchers said good social engineering and users’ trust in the convenience afforded by the OAUTH mechanism guaranteed Wednesday’s Google Docs phishing attacks would spread quickly.

Google’s E2EMail Chrome extension brings OpenPGP encryption to Gmail users.

SMTP Strict Transport Security is coming to major webmail providers this year, a Google engineer said at RSA Conference

Citing security concerns, Google announced that it will soon block JavaScript (.js) file attachments in Gmail.