Catalin Cimpanu on Nostr: Lutra Security has discovered a new attack (Kobold Letters) that can hide email ...
Lutra Security has discovered a new attack (Kobold Letters) that can hide email content based on the context it is viewed in.
Because email clients treat CSS differently, and some styles will be applied incorrectly when an email is forwarded, allowing attackers to hide or unhide malicious content.
Vulnerable email clients include Gmail, Outlook on the Web, and Mozilla Thunderbird.
None of the vendors plan to release fixes.
https://lutrasecurity.com/en/articles/kobold-letters/
Because email clients treat CSS differently, and some styles will be applied incorrectly when an email is forwarded, allowing attackers to hide or unhide malicious content.
Vulnerable email clients include Gmail, Outlook on the Web, and Mozilla Thunderbird.
None of the vendors plan to release fixes.
https://lutrasecurity.com/en/articles/kobold-letters/