Overview This report documents a large-scale phishing campaign in which attackers abused legitimate software-as-a-service (SaaS) platforms to deliver phone-based scam lures that appeared authentic and trustworthy. Rather than spoofing domains or compromising services, the attackers deliberately misused native platform functionality to generate and distribute emails that closely resembled routine service notifications, inheriting the trust, reputation, and authentication posture of well-known SaaS providers. The campaign generated approximately 133,260 phishing emails, impacting 20,049 organizations. It is part of a broader and rapidly escalating trend in which attackers weaponize trusted brands and native cloud workflows to maximize delivery, credibility, and reach. Observed brands […]

The post SaaS Abuse at Scale: Phone-Based Scam Campaign Leveraging Trusted Platforms appeared first on Check Point Blog.

The exploitation of the authentication bypass vulnerability started two days after patches were released.

The post Fresh SmarterMail Flaw Exploited for Admin Access appeared first on SecurityWeek.

See how modern AI-driven detection can block sophisticated attacks that traditional tools miss

The post Webinar Today: Rethinking Email Security for Mid-Sized Organizations appeared first on SecurityWeek.

Overview This report describes a phishing campaign in which attackers abuse Microsoft Teams functionality to distribute phishing content that appears to originate from legitimate Microsoft services. The attack leverages guest invitations and phishing-themed team names to impersonate billing and subscription notifications, encouraging victims to contact a fraudulent support phone number. Campaign scale Total phishing messages: 12,866 Daily average: 990 Affected customers: 6,135 Method of attack The attacker begins by creating a new team in Microsoft Teams and assigning it a malicious, finance-themed name designed to resemble an urgent billing or subscription notice. An example of the naming pattern observed includes […]

The post Attackers Continue to Target Trusted Collaboration Platforms: 12,000+ Emails Target Teams Users appeared first on Check Point Blog.

This report describes a phishing campaign in which attackers impersonate legitimate Google generated messages by abusing Google Cloud Application Integration to distribute malicious emails that appear to originate from trusted Google infrastructure. The emails mimic routine enterprise notifications such as voicemail alerts and file access or permission requests, making them appear normal and trustworthy to recipients. In this incident, attackers sent 9,394 phishing emails targeting approximately 3,200 customers over the past 14 days. All messages were sent from the legitimate Google address noreply-application-integration@google.com, which significantly increased their credibility and likelihood of reaching end users’ inboxes. Method of attack Based on […]

The post Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection appeared first on Check Point Blog.