Email and data security company Mimecast has exposed a potentially dangerous email vulnerability and exploit called ROPEMAKER.
According to Mimecast, a malicious actor can remotely take advantage of functionality built into HTML email by manipulating the use of cascading style sheets (CSS) in HTML documents.
Hackers can change the body of an email and swap text into a malicious URL whenever they want, after email was sent and without directly accessing the inbox.
The use of web technologies, like CSS, make email more attractive, but also makes attacks much harder to detect if cybercriminals ever take advantage of ROPEMAKER in the future.
So far, no exploits have been reported in the wild.