Guardian Digital, Inc.

🛠️ Toolkit Time! 🛠️ Every sysadmin needs a reliable toolkit. Our newsletter is your virtual Swiss Army knife for combating email threats. Stay equipped and informed with the latest insights and strategies. Subscribe now and unpack the essentials! guardiandigital.com/newsletter-sig…

Employees are pasting source code and customer data into unsanctioned AI tools for work. That means sensitive data can leave the Microsoft 365 control plane without looking like classic exfiltration. In M365, this shows up through Copilot-adjacent workflows, browser sessions, and user copy/paste habits that bypass normal email-centric controls. Review data classification coverage and Entra ID access paths. csoonline.com/article/414338… #microsoft365 #Cybersec #InfoSec

Credential-harvesting phishing still ends with direct mailbox access using valid credentials. That matters because password theft can look like a normal Microsoft 365 sign-in. In M365, this usually shows up as token-backed access, inbox rule abuse, or internal phishing from a trusted account. Review Entra sign-in risk and mailbox rules. guardiandigital.com/resources/faq/… #microsoft365 #Cybersec #InfoSec

Attackers hid malicious JavaScript as a performance optimizer and only triggered it when no WordPress admin cookie was present. That lowers the odds a site owner sees the lure while visitors keep getting exposed. For Microsoft 365 admins, a trusted site can still be the delivery path to later identity abuse. Article//www.csoonline.com/article/4145123/clickfix-techniques-evolve-in-new-infostealer-campaigns.html #microsoft365 #TechSecurity #CyberThreats

The GlassWorm campaign hides malicious code using invisible Unicode characters that evade normal code review and diff tools. Visual code inspection alone is no longer reliable for supply chain trust. When compromised code runs on developer machines, attackers often harvest tokens, credentials, and secrets tied to Microsoft 365 services. Watch for unusual token usage tied to developer accounts. csoonline.com/article/414557… #microsoft365 #Cybersec #InfoSec

🚀 Designed for resilience! EnGarde Secure’s defense-in-depth model stops advanced cyberattacks at all levels: perimeter, behavior, and content. The infographic explains it all—grab now. #cybersecure #infosecadmin

@IntCyberDigest The ability to access keychains and crypto wallets is concerning. Are there early signs users might notice before full compromise, or steps they can take to check device integrity?

❗️GTIG has identified an exploit chain targeting Apple iOS users called DarkSword. Victims get compromised by visiting a website. It does: ▪️ Messages, contacts, call logs ▪️ Location, browser data ▪️ Crypto wallets, WiFi pass, keychains ▪️ Take screenshots, record audio

@alidougru @alidougru Interesting take on Claude being better. Have you noticed any differences in how Claude handles user data or privacy compared to ChatGPT?

Final statement for today: Claude is better than ChatGPT. Hate it or love it.

@BleepinComputer Noticed the scam leveraged Nordstrom’s actual email system, not just lookalikes. Has Nordstrom shared steps they're taking to prevent future unauthorized access and protect customer privacy after this incident?

Nordstrom's email system abused to send crypto scams to customers bleepingcomputer.com/news/security/… bleepingcomputer.com/news/security/…

@TheHackersNews The live remote session capability is alarming. Do you think current Android security layers are enough to detect such threats, especially when apps use accessibility features in creative ways?

🛑 Perseus, a new #Android malware, enables full device takeover via Accessibility abuse. It runs live remote sessions, steals banking credentials, and scans notes apps for sensitive data. It spreads through IPTV-style apps delivered via phishing and sideloading. 🔗 Read → thehackernews.com/2026/03/new-pe…

@CoinMarketCap Thanks for highlighting this phishing campaign. Are there specific indicators developers should watch for to help spot these malicious offers more quickly?

LATEST: 🚨 OpenClaw developers are being targeted by a phishing campaign on GitHub, offering fake tokens to trick them into connecting their wallets, according to OX Security.

@kimmonismus Great point about ChatGPT remembering context, especially with your NVIDIA interview example. Curious though, how does it ensure privacy and security when storing or referencing past chat details?

What has repeatedly surprised and impressed me is how well ChatGPT maintains its memory across different chats. It automatically refers back to topics I've already discussed, and questions I ask days later are correctly placed in context and related to the topic I've already discussed, without having to revisit it. A concrete example: In preparation for the interview with Kari Briski from NIVIDA, I did some fact checks, and ChatGPT automatically said, "Ah, it's about today's interview; in that context, the answer is..." That's a real "wow" moment for me. It feels much better than it did a few months ago.

@TheHackersNews Thanks for sharing. The rapid data extraction and trace wiping mentioned is alarming. Are there any signs users can watch for, or recommended steps to detect if a device has been compromised?

🚨 WARNING - A new #iOS exploit kit, DarkSword, has been active since late 2025 across multiple threat groups. It targets #iPhone on iOS 18.4–18.7, chaining zero-days to gain full access and rapidly extract data—files, messages, credentials, and crypto wallets—then wipe traces within minutes. 🔗 DarkSword details here → thehackernews.com/2026/03/darksw…

Microsoft observed ClickFix lures moving from Win+R to Windows Terminal for payload execution. That matters because detections tuned to Run dialog abuse can miss the same social engineering in a different execution path. In Microsoft 365 environments, endpoint and identity teams need the same playbook here. Article: csoonline.com/article/414512… #microsoft365 #InfoSec #CyberDefense

Researchers tied 151 compromised GitHub repos, npm packages, and VS Code extensions to the GlassWorm supply chain campaign. Attackers are targeting the software pipeline itself rather than individual users. Stolen developer credentials frequently become the path to Azure service principals, automation scripts, and Microsoft 365 administration access. Review sign-ins tied to developer identities and service principals. csoonline.com/article/414557… #microsoft365 #InfoSec #CyberThreats

@0xMatt @0xMatt Great point about SaaS services in SPF. Curious, do you see more abuse from newer SaaS platforms, or is it mostly big names like Salesforce and Mailchimp? Any best practices you recommend?

Confused that you have strong DKIM/DMARC rules & configured SPF, yet people are still spoofing your CEO's mail in fraud attempts? This may be because you included Salesforce, Mailchimp, or other SaaS in your SPF. Abusers can use free/fraudulent accounts there to spam "as" you.

@CBSNews @laurennfich Interesting that Claude can generate a deck from a single prompt. Curious how data privacy and security are handled during these tasks, and where human oversight fits into the process.

Anthropic's AI assistant Claude is being used for everything from life advice to complicated work tasks. But what happens when it's prompted to generate a pitch deck for a startup from a single prompt? CBS News' @laurennfich tried it out.

@alx @alx Absolutely, using an Authenticator app for 2FA is essential. Out of curiosity, do you have a preferred method for helping people identify phishing links before they click?

Now I’m begging… Stop clicking phishing links. 2FA with Authenticator app. Especially if you have a large account.

@IntCyberDigest Thanks for sharing these details, especially about Salesforce data being involved. Is Aura considering any new security controls or user training to better defend against future phishing attempts?

❗️Cybersecurity company Aura suffered a data breach after a phone phishing attack by ShinyHunters. The attackers gained access to an employee account. Most of the stolen data came from a company Aura acquired in 2021: over 900,000 names and email addresses stored in Salesforce. Additionally, data of fewer than 20,000 current and 15,000 former Aura customers was stolen, including names, emails, addresses, and phone numbers.

@PamphletsY @pamphletsY Phishing links can be surprisingly convincing. I wonder what the email said to prompt the click, was it urgent, or disguised as something routine? Small details make the difference.

🚨💻 “Breaking911”— Account "hacked "by phishing link

@FoxNews The fact that he continued phishing from prison shows how hard it is to stop cybercrimes. Should we implement stronger email authentication tools for high-profile targets?

BEHIND BARS: Georgia cybercriminal Kwamaine Ford faces 22 federal charges for allegedly phishing NBA, NFL players while imprisoned—then escalating to sex trafficking, prosecutors say. foxnews.com/us/georgia-cyb…